eefc53d13f077f9b18c67821839189ab5b5f0670ee9f8265558e42532d1c7f0f

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 12:29

Target

bb434573cd75c5375c6efa6739393543.exe
Size

2.7MB
MD5

bb434573cd75c5375c6efa6739393543
SHA1

f5a89ea11c21da81c5068d6af13f1c17655cd4fe
SHA256

eefc53d13f077f9b18c67821839189ab5b5f0670ee9f8265558e42532d1c7f0f
SHA512

aea0dabeacaf4d1fe5b78c502494513653c5aff0b512b7ed4f36710dc07417754395717ad93786a7f8e38d0d17d7e4b10ff40fe1a0332bfad590525aabfdb4e1
SSDEEP

49152:DYqq5kgEr52s4Fm/kZecauvTJ6VYehsip6mOh2XdiMibA/eipq/9BA4ukf:DYk7l2s4Fm/ktd58sipz/vx69i4ukf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4584	bb434573cd75c5375c6efa6739393543.exe

Executes dropped EXE 1 IoCs

pid	Process
4584	bb434573cd75c5375c6efa6739393543.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000e000000023157-12.dat	upx
behavioral2/memory/4584-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2260	bb434573cd75c5375c6efa6739393543.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2260	bb434573cd75c5375c6efa6739393543.exe
4584	bb434573cd75c5375c6efa6739393543.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4584	2260	bb434573cd75c5375c6efa6739393543.exe	96
PID 2260 wrote to memory of 4584	2260	bb434573cd75c5375c6efa6739393543.exe	96
PID 2260 wrote to memory of 4584	2260	bb434573cd75c5375c6efa6739393543.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\bb434573cd75c5375c6efa6739393543.exe

Filesize
320KB

MD5
69a456555f9818fababbc10f6cbcb6e4

SHA1
3fa4c803a4bcd68f3e7696a97b5b001db8294e82

SHA256
5897a606536275a459a330fc5ea1c3d355424e0eeea5c9e6392358471f02a5d8

SHA512
e88864a5b157a735b4d78163e7d3fc34f53980aff66703191873c9c22156b7807bfb669f579422456c3ac747f85096e647622469dfecb5bfbed9fbd50b7d6561

Download Submit
memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2260-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2260-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-11-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4584-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4584-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4584-14-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/4584-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/4584-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4584-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download