ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 16:19

Target

bbb4599beedabf0c14b01f19fe14c057.exe
Size

2.4MB
MD5

bbb4599beedabf0c14b01f19fe14c057
SHA1

538718f6451e64b369b526c082d78c7455996813
SHA256

ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52
SHA512

ccd54a45534ebd4d4cac475d0a4a97dbce169926afa6527b0d1c27b8e4c480f8b5ba9f1e3e4546e9c851874abee8f0fb5fbfa17c7dc8038f13594c325d8ce133
SSDEEP

49152:RkeLqVZnqmd5+9I8vOUOD+ixzqX9mQNP4M338dB2IBlGuuDVUsdxxjr:HL8bd5+9I8vDOD+dgg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4516	bbb4599beedabf0c14b01f19fe14c057.exe

Executes dropped EXE 1 IoCs

pid	Process
4516	bbb4599beedabf0c14b01f19fe14c057.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2728-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000900000002324b-11.dat	upx
behavioral2/memory/4516-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2728	bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2728	bbb4599beedabf0c14b01f19fe14c057.exe
4516	bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4516	2728	bbb4599beedabf0c14b01f19fe14c057.exe	96
PID 2728 wrote to memory of 4516	2728	bbb4599beedabf0c14b01f19fe14c057.exe	96
PID 2728 wrote to memory of 4516	2728	bbb4599beedabf0c14b01f19fe14c057.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5072 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe

Filesize
2.4MB

MD5
8de41a2568d5b5cc5473e78e218644ca

SHA1
60c0ab7ccb1f3e6549d3bf4e268c995babcc51ad

SHA256
01f8a6128111c26ec931900ca04ac8fe20109734839df669d30a92c287a3bd32

SHA512
395ca27e8b6c696fe5fd813c5334c6beab65c935dede465f62f21c75c2df2199d7c1ca9bad0eaa968203d1d03d5c5df2800658a47fc7d0a3e311ce4102e44d9e

Download Submit
memory/2728-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2728-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2728-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2728-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4516-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4516-14-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/4516-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4516-20-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/4516-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4516-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download