6d55e79bb55fad76546840788e578e9278b5ad6bbe677af93b3d11fb039d24ff

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 01:29

Target

ad594fae5bc68f1248c22f593f22902d.exe
Size

2.7MB
MD5

ad594fae5bc68f1248c22f593f22902d
SHA1

bd2027baefcb38a2b733e0ec2d73201ea9f87752
SHA256

6d55e79bb55fad76546840788e578e9278b5ad6bbe677af93b3d11fb039d24ff
SHA512

7bb77178bbb595f2ca626de65be13ce7ec535c96e956cdbb6e28ff19c509439242e0d690a68464e47447c533dc3250bff2f180408f1b80d599c2676010f42838
SSDEEP

49152:UK/+53LaGY6FXLz0nHEr5AU5qi98pkBccxrQSQlziza6Y8bYQp:h/+JXJfWEr5AU4i9z1x9Qlzbkp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5340	ad594fae5bc68f1248c22f593f22902d.exe

Executes dropped EXE 1 IoCs

pid	Process
5340	ad594fae5bc68f1248c22f593f22902d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4280-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023264-11.dat	upx
behavioral2/memory/5340-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4280	ad594fae5bc68f1248c22f593f22902d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4280	ad594fae5bc68f1248c22f593f22902d.exe
5340	ad594fae5bc68f1248c22f593f22902d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 5340	4280	ad594fae5bc68f1248c22f593f22902d.exe	96
PID 4280 wrote to memory of 5340	4280	ad594fae5bc68f1248c22f593f22902d.exe	96
PID 4280 wrote to memory of 5340	4280	ad594fae5bc68f1248c22f593f22902d.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:224

C:\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe

Filesize
1.6MB

MD5
b12fc05155efa02fa97c65bf8e789923

SHA1
e03a984f8437d89f8e4fd8490efa0896f23ef087

SHA256
f6a36e3f43641f9c28f5c9032ad8b8f1de194d18d9a27918691e7219a0f1b26a

SHA512
2a55b617126f1cd2600a0537b408833ace53c1b31a7031a56fc571b08491bac6f5cfcbb7980411ca082b09f93fd39087ce9d3e0121b2f38f07894dc6801b3fe9

Download Submit
memory/4280-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4280-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4280-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4280-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5340-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5340-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5340-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5340-20-0x0000000005670000-0x000000000589A000-memory.dmp

Filesize
2.2MB

Download
memory/5340-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5340-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download