cc1e779673820c9c4a8896fc13eaa5a24b46152fdd10d507aa638fbf0e23d777

Analysis

max time kernel
0s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:27

Target

21ad835e876e292391749708ac501275.exe
Size

680KB
MD5

21ad835e876e292391749708ac501275
SHA1

93e83a28851ad33f6cd5c23671065ac348df2215
SHA256

cc1e779673820c9c4a8896fc13eaa5a24b46152fdd10d507aa638fbf0e23d777
SHA512

63df842cd969cb3d9f82ab6c612e0cb278089905d86741cecbc240a7291a4b740cf6446e6c26663e0132e4f750b5be0220d2399edd204d60026e4f5da9aa8197
SSDEEP

12288:d3DAAw0jmgI7E8Gq2VvhxNOMfg33sUKpfcsFmcyouqa3wTQipT:d3DXw0agI7EjVvHXg33OpfPFmcyouqau

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4116-0-0x0000000000400000-0x00000000005B6000-memory.dmp	upx
behavioral2/memory/4116-64-0x0000000000400000-0x00000000005B6000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4540	4116	WerFault.exe	12

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	21ad835e876e292391749708ac501275.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	21ad835e876e292391749708ac501275.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4116	21ad835e876e292391749708ac501275.exe
4116	21ad835e876e292391749708ac501275.exe

C:\Users\Admin\AppData\Local\Temp\21ad835e876e292391749708ac501275.exe
"C:\Users\Admin\AppData\Local\Temp\21ad835e876e292391749708ac501275.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 2576
  2⤵
  - Program crash
  PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4116 -ip 4116
1⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
10KB

MD5
9b2dddda7c44a4ca043f5fa5023b975c

SHA1
d3afa2953382178ba396f9478e96439c0f6e4a6a

SHA256
ceec4cb5eb38bfeffa7a8ce48cf014b1e69d94296dd6235d2e5fe7ab6029b6fa

SHA512
9325eab7acd074bcf6c74ab578b49821a982d21b26b7eaeda6031b3f19a21fae655834a2e75386d3ea0f6930d8a747729d32b5d3071e3af396c6cd0699d9d231

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
32KB

MD5
2cd8688df6acf8fd5a7884f7f2df7b2c

SHA1
1deee5a8e73fd1981188bf210b97150ec476a70b

SHA256
9fcd596b953cca5628c8010e1cd77ded13aebe7d1924e2a246cdacc28b8805ac

SHA512
849d4ff181b6aa88b8b0895b9635178a455f873f1826a68c9f0681fce48033532ac99d5a85b1565eff0f0fde3fda3910546980b8b538ae9a346628f96643fb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
69KB

MD5
a8342644cea35159453abd98f2934947

SHA1
7acb7083d6b0d0049e35c473f9a7c57bb65eb8f6

SHA256
b7ccf855a06c228571e492d466d44ed61eb6e15251a720e51f4103fc65b41338

SHA512
cbdb4eb97c376bbc6c8124bf849fd105c2ec4942d3372247a658518dd54df9e204202070d37ec6f3526017616510e575d8b6d73ffea39bd74434e9987cca4c8b

Download Submit
memory/4116-0-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download
memory/4116-1-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/4116-64-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download