77fd569d61a9c14d6f89b7320659bb0cf0af171bcf94c0067d9319c9f129330d

Analysis

max time kernel
157s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:40

Target

bca34c574370f291edcbda7a4755c972.exe
Size

2.9MB
MD5

bca34c574370f291edcbda7a4755c972
SHA1

a11e6c8b0c7ba5ac91c94cdc80362ee7c79daaea
SHA256

77fd569d61a9c14d6f89b7320659bb0cf0af171bcf94c0067d9319c9f129330d
SHA512

ce5a8f46303ed0ebcc05643ce433f666495b9380056b8733383a04ff853cf96264e554f6c1014c825db8a3f79f7032bae2fbac9f3a5fbb177aef73862898a55b
SSDEEP

49152:XRvU8sz0P2haha5dmH+SnrWaRyCk0HP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:XRvFsrh3dmeSqacCkYgg3gnl/IVUs1jl

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3568	bca34c574370f291edcbda7a4755c972.exe

Executes dropped EXE 1 IoCs

pid	Process
3568	bca34c574370f291edcbda7a4755c972.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2484-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023237-11.dat	upx
behavioral2/memory/3568-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2484	bca34c574370f291edcbda7a4755c972.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2484	bca34c574370f291edcbda7a4755c972.exe
3568	bca34c574370f291edcbda7a4755c972.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 3568	2484	bca34c574370f291edcbda7a4755c972.exe	97
PID 2484 wrote to memory of 3568	2484	bca34c574370f291edcbda7a4755c972.exe	97
PID 2484 wrote to memory of 3568	2484	bca34c574370f291edcbda7a4755c972.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe

Filesize
2.9MB

MD5
605d0b68bd57f39dfbfadf53745e9c15

SHA1
1cc6073f78cfc1e8146c40599d6c853349aa95b6

SHA256
a5805b786238ab532427d210eeb714739e1e3f8cf66604ab6304de231cf28503

SHA512
4226bee4feeb49957ffda7dc5742998b897a946e185128739a67b5a456b4f3d4247f681fb70402dcb25b9cca720ead8fe90e81c3707de9082c277eebf7ff3752

Download Submit
memory/2484-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2484-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/2484-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2484-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3568-15-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/3568-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-20-0x00000000055E0000-0x000000000580A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3568-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download