d4193434a4bd49162a6a11e8797430500262e69978b42312b363b339f0ba53b3

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 23:58

Target

aa7a39027e69f034434a17936cf9a45e.exe
Size

1.5MB
MD5

aa7a39027e69f034434a17936cf9a45e
SHA1

e4898ad4502ac036b35db7b32b412a93fe92366f
SHA256

d4193434a4bd49162a6a11e8797430500262e69978b42312b363b339f0ba53b3
SHA512

06c1d92c60911b4d1a7a4f48419cfe5ed0b98e60d25423d7a28072f9a60e0ed45b0e89529dbdb3788a9d7666d883fa0b250a40fa8e72da7365a08123713136ac
SSDEEP

24576:S2Vof9ABnWLsNdAZuHBKwS7w1fThA1KnW4EKzCssFWBvpGopTUMUD4wdfbtqW:S2XBWYPAeSwdA1CWBKzfvpGopAXxNQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1464	aa7a39027e69f034434a17936cf9a45e.exe

Executes dropped EXE 1 IoCs

pid	Process
1464	aa7a39027e69f034434a17936cf9a45e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2916-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023251-11.dat	upx
behavioral2/memory/1464-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2916	aa7a39027e69f034434a17936cf9a45e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2916	aa7a39027e69f034434a17936cf9a45e.exe
1464	aa7a39027e69f034434a17936cf9a45e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1464	2916	aa7a39027e69f034434a17936cf9a45e.exe	96
PID 2916 wrote to memory of 1464	2916	aa7a39027e69f034434a17936cf9a45e.exe	96
PID 2916 wrote to memory of 1464	2916	aa7a39027e69f034434a17936cf9a45e.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3208 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\aa7a39027e69f034434a17936cf9a45e.exe

Filesize
1.5MB

MD5
24555f52b2b4249fb9a49d8e65da4813

SHA1
63cd1638567ff77d9f9c3a853bd3dfc380ca4281

SHA256
479972dd83e216a1175034fa31cf5d92b28262f4ad38e2c3e0e61a44e12dd9ce

SHA512
33d1738202386252ecbe9a3aed2ee93bfbbbdfa5df52d91bbdab7e5a0f6331b4f4a3042e5ec6146a3c4e516ff6c8827c0cda55db8594a72668d7b5daedd5ce6f

Download Submit
memory/1464-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1464-14-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/1464-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1464-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/1464-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1464-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2916-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2916-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2916-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2916-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download