d08ebe72956585e4404201904251d0c498469603003b73a26fb0550137835779

Analysis

max time kernel
144s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 21:48

Target

c1af976e15b3c0f4afdaf12ba85bad46.exe
Size

2.7MB
MD5

c1af976e15b3c0f4afdaf12ba85bad46
SHA1

af07838ac47e82b77c81f513c94b320655499ce1
SHA256

d08ebe72956585e4404201904251d0c498469603003b73a26fb0550137835779
SHA512

59772ec499b00cf2cfd7a7f28429f8de2a17cf47e2cdec0dee33bb7df652a1f07f919c0ce42c83e6fab4f4e0b7ad0f52403d3d0994616b06cfb881b2dd237a7d
SSDEEP

49152:7GT3V6JfmviGtwjjJDd5BaNEjZgjhU2g1cn0SPrr/SzURJZEiJmPlTqijO9UTlIp:7GTlEuviGEONmgjJ+c0SPrr17DfijO9J

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4000	c1af976e15b3c0f4afdaf12ba85bad46.exe

Executes dropped EXE 1 IoCs

pid	Process
4000	c1af976e15b3c0f4afdaf12ba85bad46.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4624-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00030000000227e7-11.dat	upx
behavioral2/memory/4000-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4624	c1af976e15b3c0f4afdaf12ba85bad46.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4624	c1af976e15b3c0f4afdaf12ba85bad46.exe
4000	c1af976e15b3c0f4afdaf12ba85bad46.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4000	4624	c1af976e15b3c0f4afdaf12ba85bad46.exe	99
PID 4624 wrote to memory of 4000	4624	c1af976e15b3c0f4afdaf12ba85bad46.exe	99
PID 4624 wrote to memory of 4000	4624	c1af976e15b3c0f4afdaf12ba85bad46.exe	99

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3376 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\c1af976e15b3c0f4afdaf12ba85bad46.exe

Filesize
86KB

MD5
44815e5a6fd7b9422fae14801a1751e8

SHA1
1818cefd3e95d42b93bab71ede4df599537c4552

SHA256
1b9ae9c6daaac2b7eae1e1534c35416b5651bddd643e93817d3d140e053fc7a0

SHA512
3b414bbb6c826488b96b1a537a1dde3d145ee4e2aeac1525445829fd95a85656e0c6c7166eb5aea3d347ae5fe5f146d8f6dac68554664e418050a0a9d9e19e4e

Download Submit
memory/4000-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4000-15-0x0000000001DE0000-0x0000000001F13000-memory.dmp

Filesize
1.2MB

Download
memory/4000-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4000-20-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/4000-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4000-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4624-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4624-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4624-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4624-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download