e34b6206ad0899f9aff858ad6b7ec419b226555a639efdaed33ddb64b1ff0e7a

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26/03/2025, 20:18

Target

Built.exe
Size

7.7MB
MD5

42dafc16fcb3f5338c11e3bca78bbbba
SHA1

08be6b99ff6ecb5d6fc601b042404b164627782a
SHA256

e34b6206ad0899f9aff858ad6b7ec419b226555a639efdaed33ddb64b1ff0e7a
SHA512

79825eb0356ca46db08262ec9ca2ad97235c6487e1a9ef83e38b8a558bf68df655d56cf634c2ff5a2a9c8cdf27b1a53b2b9e43f110bef4bba6870f7c0dbdbc5e
SSDEEP

196608:iWY06CwfI9jUCD6rlaZLH7qRGrpIYUoZy8FUsOnAoX:sIH20drKYRZjoX

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2860	Built.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000500000001a480-21.dat	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2860	844	Built.exe	30
PID 844 wrote to memory of 2860	844	Built.exe	30
PID 844 wrote to memory of 2860	844	Built.exe	30

C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\Built.exe
  "C:\Users\Admin\AppData\Local\Temp\Built.exe"
  2⤵
  - Loads dropped DLL
  PID:2860

C:\Users\Admin\AppData\Local\Temp\_MEI8442\python313.dll

Filesize
1.8MB

MD5
2a4aad7818d527bbea76e9e81077cc21

SHA1
4db3b39874c01bf3ba1ab8659957bbc28aab1ab2

SHA256
4712a6bb81b862fc292fcd857cef931ca8e4c142e70eaa4fd7a8d0a96aff5e7e

SHA512
d10631b7fc25a8b9cc038514e9db1597cec0580ee34a56ce5cfc5a33e7010b5e1df7f15ec30ebb351356e2b815528fb4161956f26b5bfaf3dce7bc6701b79c68

Download Submit
memory/2860-23-0x000007FEF5970000-0x000007FEF5FD4000-memory.dmp

Filesize
6.4MB

Download