baae71c38e82b7eecce5a3802a40307fa7f7ae2f2dd7bc5b3748b865003087ed

Analysis

max time kernel
156s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 09:49

Target

baf18fb2a1051c4e22693e23bd001c67.exe
Size

1.5MB
MD5

baf18fb2a1051c4e22693e23bd001c67
SHA1

4e8387e8ebaf962a1832ad240bd3880b11d16157
SHA256

baae71c38e82b7eecce5a3802a40307fa7f7ae2f2dd7bc5b3748b865003087ed
SHA512

2a6c8afafa62d29d876e75c5136e6d2df1473b419b3e56263386a9209d4d055b23673775cb9f5c6a13d1b47ee1a114cc0b9abe72552cd3abe59f602861dfa241
SSDEEP

24576:C13GpGTCk9L+IrF3UJOGYC+y4iRwraouCKsVOrlhm9rXtlodWi8W:UGu7RkJl+y4iRwOouowvm9plji8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
628	baf18fb2a1051c4e22693e23bd001c67.exe

Executes dropped EXE 1 IoCs

pid	Process
628	baf18fb2a1051c4e22693e23bd001c67.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3504-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/628-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3504	baf18fb2a1051c4e22693e23bd001c67.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3504	baf18fb2a1051c4e22693e23bd001c67.exe
628	baf18fb2a1051c4e22693e23bd001c67.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 628	3504	baf18fb2a1051c4e22693e23bd001c67.exe	97
PID 3504 wrote to memory of 628	3504	baf18fb2a1051c4e22693e23bd001c67.exe	97
PID 3504 wrote to memory of 628	3504	baf18fb2a1051c4e22693e23bd001c67.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\baf18fb2a1051c4e22693e23bd001c67.exe

Filesize
1.5MB

MD5
4184f6cdd210184a9eccb5533bbbdb1a

SHA1
fac4e35e78ec9f6f77b1c7e0e46f40c7bdf52777

SHA256
fd9ddbaeddb59a35b07a1ba39b27a93c6c57d6b4c99de91fdacd8007c3568b3c

SHA512
30ade1399af0ca9816f51b742b15dc2775e01af1aa431e44f184e0e094cdd504d52589fdec0c3da2909dbc136f11c981ec076d80ccae1bcf3d0b147c0729b940

Download Submit
memory/628-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/628-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/628-15-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/628-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/628-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/628-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3504-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3504-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3504-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3504-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download