bf3e0bef65e936ed95a8d5d1cf03a8ef3646322bfd04b8eeafba29d46b6e9ce6

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 15:20

Target

b7ba1954a970c0e56cacbc9d2e6fbe1b.exe
Size

1.6MB
MD5

b7ba1954a970c0e56cacbc9d2e6fbe1b
SHA1

beb7ec50c95fa88349ec7ef6b37e08a40d15cf7b
SHA256

bf3e0bef65e936ed95a8d5d1cf03a8ef3646322bfd04b8eeafba29d46b6e9ce6
SHA512

846c10f2ec6dcecf28852bd4a3a247b85274d2cf661a9a03d76fdf98c57a1f51925965f31515ac00068a161c51eba1f0233de5f072c51f8b9bfdc2577b02bccd
SSDEEP

49152:OqIAczae17mv7LBOgqvq/i8jUhko26tMc:LizaamDdOclUhl2O

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2176	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe

Executes dropped EXE 1 IoCs

pid	Process
2176	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3868	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3868	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe
2176	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 2176	3868	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe	97
PID 3868 wrote to memory of 2176	3868	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe	97
PID 3868 wrote to memory of 2176	3868	b7ba1954a970c0e56cacbc9d2e6fbe1b.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\b7ba1954a970c0e56cacbc9d2e6fbe1b.exe

Filesize
1.6MB

MD5
59e5ac4dfc1ece38a0504b02c005ea14

SHA1
30f50af778e515711afd83ec8c15d3463dd5cc22

SHA256
9c601049885e9d5b94a37688f3b10016cd76aaf2af2dddd0dfa6aa5e4665580b

SHA512
ff81b3bdfbfffed25ed56a277f65dea8cab23431e8719aed9093202df8d18ae2a9db643ad711c513ef1800e7d0157b475af857b602ffc9ee7c7deb12a8351827

Download Submit
memory/2176-13-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2176-14-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2176-17-0x0000000001F10000-0x0000000002387000-memory.dmp

Filesize
4.5MB

Download
memory/2176-20-0x00000000059E0000-0x0000000005C2D000-memory.dmp

Filesize
2.3MB

Download
memory/2176-21-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/3868-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3868-1-0x0000000001D30000-0x00000000021A7000-memory.dmp

Filesize
4.5MB

Download
memory/3868-2-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/3868-11-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download