f766da895695a554d99745d7f55e37d3eb427bffbbcb4f6d37ca0306cc197844

Analysis

max time kernel
138s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 07:15

Target

adfdba51de0fc3818e573713538a1cdc.exe
Size

2.7MB
MD5

adfdba51de0fc3818e573713538a1cdc
SHA1

a58eff882ff7078dde38743e73fae99aa24eb01a
SHA256

f766da895695a554d99745d7f55e37d3eb427bffbbcb4f6d37ca0306cc197844
SHA512

342fe8c11e562ad0237c3dec5b057bf83c340e3a963378fd649f30c83f776ad9771814d5a6f1f5ff441f9f308962e256b0cc638421b3fe904931f9983c478c6c
SSDEEP

49152:85Lji1oickcGvPVTTWMW6HgHA7IxPn6R9fHn5kgQBHaFIQGyeUaLw0yYLKvR9j:85LjGot6BTyKMJQHfnCQ7Gy70z+vHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2656	adfdba51de0fc3818e573713538a1cdc.exe

Executes dropped EXE 1 IoCs

pid	Process
2656	adfdba51de0fc3818e573713538a1cdc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1572-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000900000002324b-11.dat	upx
behavioral2/memory/2656-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1572	adfdba51de0fc3818e573713538a1cdc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1572	adfdba51de0fc3818e573713538a1cdc.exe
2656	adfdba51de0fc3818e573713538a1cdc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 2656	1572	adfdba51de0fc3818e573713538a1cdc.exe	96
PID 1572 wrote to memory of 2656	1572	adfdba51de0fc3818e573713538a1cdc.exe	96
PID 1572 wrote to memory of 2656	1572	adfdba51de0fc3818e573713538a1cdc.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3180 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe

Filesize
617KB

MD5
55d760b78479de5de55d84721fa86ad7

SHA1
98cf6ed192d5a28d85fdb0ccab3692b282547e20

SHA256
28dcf1d9c1292b7152d4e566f2cfe50ccb842f155ab81760d078063260271c22

SHA512
3246b9e08add3d7f5914a45cabe3589405e468fc82e6b0f4edc322643c4a9dc78546fa9356319b70ea1bc135e3dea6cfeb85231bfdccf96304a712367b42b288

Download Submit
memory/1572-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1572-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1572-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1572-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2656-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2656-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-20-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/2656-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2656-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download