f29eb8f721ee3210dfcdbb7245c36ca05d72f78e9182e72e745de78870bf8d97

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 20:22

Target

b991d982faec019c8a027c1c16133209.exe
Size

1.3MB
MD5

b991d982faec019c8a027c1c16133209
SHA1

4e27c162315b663f96b4699a7ad2036dce597fff
SHA256

f29eb8f721ee3210dfcdbb7245c36ca05d72f78e9182e72e745de78870bf8d97
SHA512

db7e0d5282e9a8d2a952f3b64e45adaf19d04defe5a17b0daeed854d660b50790c738d7884d7b972386b97b0069ae89366ed646dc8ed5a50f8c4a7de08c53714
SSDEEP

24576:fcxj8Oixz03mk5D6wrnZ3dfWcrtMFjnEeh0NOb6rcvG:fcxIOszrOFrnZ3VWcrtMZEU

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2176	b991d982faec019c8a027c1c16133209.exe

Executes dropped EXE 1 IoCs

pid	Process
2176	b991d982faec019c8a027c1c16133209.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1800-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000900000002326c-13.dat	upx
behavioral2/memory/2176-15-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1800	b991d982faec019c8a027c1c16133209.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1800	b991d982faec019c8a027c1c16133209.exe
2176	b991d982faec019c8a027c1c16133209.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2176	1800	b991d982faec019c8a027c1c16133209.exe	100
PID 1800 wrote to memory of 2176	1800	b991d982faec019c8a027c1c16133209.exe	100
PID 1800 wrote to memory of 2176	1800	b991d982faec019c8a027c1c16133209.exe	100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe

Filesize
1.3MB

MD5
03bd15e297ac57ee76be7fb343a44224

SHA1
e41d1a3348ac1ee9d6df40122675098434bfc42b

SHA256
d3d57e281e2601005894cb7073a5b35c593274410c570013336a042d6f863b37

SHA512
7b0b588ce82c2e3c161f600f4204218c42fd88265c8aeaeaea5af9f829b5e50a4d751a149446bb3d9a7098d9a9cb86eacc2f6a91c8a1275573dc2e383a2fdad1

Download Submit
memory/1800-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1800-1-0x0000000001B70000-0x0000000001C82000-memory.dmp

Filesize
1.1MB

Download
memory/1800-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1800-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2176-15-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2176-16-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/2176-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2176-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download