2ded396ca097e42f3658f8515d495723eae49159ccf20d305a584f92788b965a

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 15:41

Target

bba185a5b0ab04f3c58ad28503d81ae5.exe
Size

2.9MB
MD5

bba185a5b0ab04f3c58ad28503d81ae5
SHA1

c02c2ddaeaebfb490879902f516ad3914e3373b4
SHA256

2ded396ca097e42f3658f8515d495723eae49159ccf20d305a584f92788b965a
SHA512

61e7683e9f9b838f1c3e4cb5fb85bd5d3e1fd8d146fe5b2d6f6f5970ce07c47a783ffcbbec59e0238bdbb925a41776563e2abfed49d4bed6e9284b7e967ee61f
SSDEEP

49152:quShkNkF+m1V/uS7RwmwWMT6iNoN74NH5HUyNRcUsCVOzetdZJ:quS+NkF+mV/v1wmwJOKo4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3604	bba185a5b0ab04f3c58ad28503d81ae5.exe

Executes dropped EXE 1 IoCs

pid	Process
3604	bba185a5b0ab04f3c58ad28503d81ae5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1836-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000500000002271f-11.dat	upx
behavioral2/memory/3604-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1836	bba185a5b0ab04f3c58ad28503d81ae5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1836	bba185a5b0ab04f3c58ad28503d81ae5.exe
3604	bba185a5b0ab04f3c58ad28503d81ae5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 3604	1836	bba185a5b0ab04f3c58ad28503d81ae5.exe	98
PID 1836 wrote to memory of 3604	1836	bba185a5b0ab04f3c58ad28503d81ae5.exe	98
PID 1836 wrote to memory of 3604	1836	bba185a5b0ab04f3c58ad28503d81ae5.exe	98

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\bba185a5b0ab04f3c58ad28503d81ae5.exe

Filesize
1.2MB

MD5
360850f5bdb7911bdc3d9be1f4c39d1f

SHA1
221f565cbc8e4b8f7d5c5fa41febfe004560d13e

SHA256
9583283a5b66c621ee2e0e63cf44cef3832e68294180a22844f43bb0f435ead5

SHA512
01a023134769d6e018d53191b60acaddf8e0add5b50bcbfe7f4caaaed839a393c210841ea0592a5bb9279f17bcda04218c4ade164e32cda7f369362532dbba8b

Download Submit
memory/1836-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1836-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1836-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1836-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3604-15-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/3604-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3604-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3604-20-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/3604-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3604-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download