c6a7f4277a5aaac6ed7d7be250aa90614547f087e0be1646c4f29467839e02de

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 13:33

Target

b8da13660d5332a9e08c13e2985f8ee3.exe
Size

2.9MB
MD5

b8da13660d5332a9e08c13e2985f8ee3
SHA1

7e39e5cd887f6f4044005829ec50fc80c44e166e
SHA256

c6a7f4277a5aaac6ed7d7be250aa90614547f087e0be1646c4f29467839e02de
SHA512

d948c7955c1e74a67fc0073f5984e7e8d108ea0d8fd74f40b9b5d817b7a749bd99ad0885933edd88c1981c866178a1d26725192aac7a42be0873519877cfad00
SSDEEP

49152:EfDXPjr5nnUXWocZk9dHTBB4iP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:GVnyWDZuleigg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4024	b8da13660d5332a9e08c13e2985f8ee3.exe

Executes dropped EXE 1 IoCs

pid	Process
4024	b8da13660d5332a9e08c13e2985f8ee3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-10.dat	upx
behavioral2/memory/4024-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4480	b8da13660d5332a9e08c13e2985f8ee3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4480	b8da13660d5332a9e08c13e2985f8ee3.exe
4024	b8da13660d5332a9e08c13e2985f8ee3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 4024	4480	b8da13660d5332a9e08c13e2985f8ee3.exe	96
PID 4480 wrote to memory of 4024	4480	b8da13660d5332a9e08c13e2985f8ee3.exe	96
PID 4480 wrote to memory of 4024	4480	b8da13660d5332a9e08c13e2985f8ee3.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\b8da13660d5332a9e08c13e2985f8ee3.exe

Filesize
2.6MB

MD5
b927caddc46929f14e0ac6235c652f59

SHA1
4147dec4223a5ac80715e46d5cdef1a1019254a1

SHA256
b72b2e7ab25a33af875618cc185eeb86ad6f19f79ba3803d9dd96914a2d66886

SHA512
66d5e6ace85e94bd8e13ac6f539d3130ee96258b10a24f4710c6f0f78308c357bc33feef379c685f96857b6352843dffb63f151919e1e94d6173e6817baa5122

Download Submit
memory/4024-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4024-15-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/4024-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4024-20-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/4024-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4024-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4480-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/4480-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4480-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download