e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea

Analysis

max time kernel
152s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 02:36

Target

e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe
Size

692KB
MD5

d11929b8b8377356958586887a08abbe
SHA1

809deae93decc4e580485eb97485f5f711bc9554
SHA256

e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea
SHA512

6729af6412de48ad3b94680c5d5e80e4d751675c9c05dbeca3f850f99a0adebe35b45832f99073ecd0108cbb145b492bf5f3d609deb1eff86edb80c45cfe940b
SSDEEP

12288:9+UG2DtZodf4UksWxGDsXIRaYKaqAaikvGipl/mYqARNvGXsbpoHEYYylz:rD6flksNsXI8YKX1vr+dSNuXt7

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
4376	MicrosoftEdgeUpdate.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4864-0-0x0000000000400000-0x00000000007F5000-memory.dmp	upx
behavioral2/files/0x00070000000231dd-2.dat	upx
behavioral2/files/0x00070000000231dd-4.dat	upx
behavioral2/memory/4864-6-0x0000000000400000-0x00000000007F5000-memory.dmp	upx
behavioral2/memory/4376-8-0x0000000000400000-0x00000000007F5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4812	4864	e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe	86
PID 4864 wrote to memory of 4812	4864	e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe	86
PID 4864 wrote to memory of 4812	4864	e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe	86
PID 4812 wrote to memory of 4376	4812	cmd.exe	89
PID 4812 wrote to memory of 4376	4812	cmd.exe	89
PID 4812 wrote to memory of 4376	4812	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe
"C:\Users\Admin\AppData\Local\Temp\e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Public\Documents\MicrosoftEdgeUpdate.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4812
- - C:\Users\Public\Documents\MicrosoftEdgeUpdate.exe
    C:\Users\Public\Documents\MicrosoftEdgeUpdate.exe
    3⤵
    - Executes dropped EXE
    PID:4376

C:\Users\Public\Documents\MicrosoftEdgeUpdate.exe

Filesize
692KB

MD5
d11929b8b8377356958586887a08abbe

SHA1
809deae93decc4e580485eb97485f5f711bc9554

SHA256
e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea

SHA512
6729af6412de48ad3b94680c5d5e80e4d751675c9c05dbeca3f850f99a0adebe35b45832f99073ecd0108cbb145b492bf5f3d609deb1eff86edb80c45cfe940b

Download Submit
C:\Users\Public\Documents\MicrosoftEdgeUpdate.exe

Filesize
692KB

MD5
d11929b8b8377356958586887a08abbe

SHA1
809deae93decc4e580485eb97485f5f711bc9554

SHA256
e54a218e50eae088164a3acafdc02c356be062d3a22a64750986a3bfbc7c75ea

SHA512
6729af6412de48ad3b94680c5d5e80e4d751675c9c05dbeca3f850f99a0adebe35b45832f99073ecd0108cbb145b492bf5f3d609deb1eff86edb80c45cfe940b

Download Submit
memory/4376-8-0x0000000000400000-0x00000000007F5000-memory.dmp

Filesize
4.0MB

Download
memory/4864-0-0x0000000000400000-0x00000000007F5000-memory.dmp

Filesize
4.0MB

Download
memory/4864-5-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/4864-6-0x0000000000400000-0x00000000007F5000-memory.dmp

Filesize
4.0MB

Download