1c3878005f3b5d8f3f22b53c3b4cc22b854336115a415521a5897ff3dbd677c6

Analysis

max time kernel
141s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 12:31

Target

bb4401b5e30127c3de4b4056e832eb35.exe
Size

2.9MB
MD5

bb4401b5e30127c3de4b4056e832eb35
SHA1

cf5df2f49c3b2a9c7c286835831833987c1ed2e7
SHA256

1c3878005f3b5d8f3f22b53c3b4cc22b854336115a415521a5897ff3dbd677c6
SHA512

e1c962c989082be5179c080f964c1fa65483083665974ac4a7155624f74afaa4dea7cb35d98dd2d5b07dfe1de2f14a0b6ae9e5a147611827923b9f28207414d3
SSDEEP

49152:Tj6kFcSyqifuo0n6WlEyrU278P4P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:TOdtLf/0lUA8P4gg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5072	bb4401b5e30127c3de4b4056e832eb35.exe

Executes dropped EXE 1 IoCs

pid	Process
5072	bb4401b5e30127c3de4b4056e832eb35.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1452-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000f00000002324d-11.dat	upx
behavioral2/memory/5072-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1452	bb4401b5e30127c3de4b4056e832eb35.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1452	bb4401b5e30127c3de4b4056e832eb35.exe
5072	bb4401b5e30127c3de4b4056e832eb35.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 5072	1452	bb4401b5e30127c3de4b4056e832eb35.exe	96
PID 1452 wrote to memory of 5072	1452	bb4401b5e30127c3de4b4056e832eb35.exe	96
PID 1452 wrote to memory of 5072	1452	bb4401b5e30127c3de4b4056e832eb35.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe

Filesize
2.3MB

MD5
b5be2d2f97b8570b579822bccfff605f

SHA1
af1476e01eff41df0f9d103e2f46870f8550d4f6

SHA256
95db67431ff51f73fd0d32d148d5f1dfd520916b5f1a8fa9c829d323178c20bf

SHA512
295797eb8c2cf4142bc2ddc0d9daa0284fe4c2f26c9e98fcc0e721fa43fd675ae66b45730aa20eaf97f401ee8416793a7704613a15184e716848b781ff89a5ac

Download Submit
memory/1452-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1452-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1452-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1452-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5072-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5072-15-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/5072-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5072-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/5072-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5072-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download