353b51b61cd938744dbdb97248d496d50eda605bccdcec489476f4140ba3181a

Analysis

max time kernel
144s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 11:43

Target

bb2c6b28f28e05fafdc400dc5f2db34a.exe
Size

2.9MB
MD5

bb2c6b28f28e05fafdc400dc5f2db34a
SHA1

1423f25e3106aac40a9d4ffa5c63596f6da29916
SHA256

353b51b61cd938744dbdb97248d496d50eda605bccdcec489476f4140ba3181a
SHA512

6f8e326315bfd345625782ce856821bad8b8e66ed28b92c1f1ded463ed0be1f432ed845e65c435483fb98f8d11ca2e0706068b36e1232593f57b7bf4e8627180
SSDEEP

49152:AgQMq9p1qQYC3RdOJ8CNnUJ/o/TujP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:AgQMksQjOJznUNo/Tujgg3gnl/IVUs1h

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
560	bb2c6b28f28e05fafdc400dc5f2db34a.exe

Executes dropped EXE 1 IoCs

pid	Process
560	bb2c6b28f28e05fafdc400dc5f2db34a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3872-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023243-11.dat	upx
behavioral2/memory/560-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3872	bb2c6b28f28e05fafdc400dc5f2db34a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3872	bb2c6b28f28e05fafdc400dc5f2db34a.exe
560	bb2c6b28f28e05fafdc400dc5f2db34a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 560	3872	bb2c6b28f28e05fafdc400dc5f2db34a.exe	98
PID 3872 wrote to memory of 560	3872	bb2c6b28f28e05fafdc400dc5f2db34a.exe	98
PID 3872 wrote to memory of 560	3872	bb2c6b28f28e05fafdc400dc5f2db34a.exe	98

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\bb2c6b28f28e05fafdc400dc5f2db34a.exe

Filesize
2.9MB

MD5
8c8978df02535b35359965555e49a32b

SHA1
22cf1d0bec5cf9da6e98e5c0d47d49740140e872

SHA256
9a520a6b5e24c5e0840eb80c6214fffa482bbb2eb49918b1917cdb203fa2bfdd

SHA512
2d2d8bd803257e46d4640bf6b5c831d28752eea13925ccbd392a4737e6f083a64ce409ff60dab61abd51785ab8308ae5c89cef557d78c80d89495a7cf3d813b6

Download Submit
memory/560-14-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/560-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/560-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/560-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/560-21-0x00000000055E0000-0x000000000580A000-memory.dmp

Filesize
2.2MB

Download
memory/560-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3872-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3872-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3872-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3872-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download