c4343eeb275875b662335a34c420ce7e4497509866bfa6d2958a2bc762de32ba

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 02:37

Target

bf9ec7314315f0d71e774b3305fd4440.exe
Size

2.7MB
MD5

bf9ec7314315f0d71e774b3305fd4440
SHA1

ed5a4ae3c48f3c97657723e1a5525cd1930b8b62
SHA256

c4343eeb275875b662335a34c420ce7e4497509866bfa6d2958a2bc762de32ba
SHA512

c0ea00e02197e1d9ce3fcc8bc68d8c0bd7957876692fc5aacc7223678f981eda38a0c932e04af97daac389ebdafce7258bdb70125e743f311cf27af4c4a5a661
SSDEEP

49152:jT/slXMw8HddNlKgqTH9I1p3rcaeb1Td2mt0yS0vt:jMXMwGd3Kgqj9I1p7Beb1T1aq

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4432	bf9ec7314315f0d71e774b3305fd4440.exe

Executes dropped EXE 1 IoCs

pid	Process
4432	bf9ec7314315f0d71e774b3305fd4440.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1784-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000700000002325c-13.dat	upx
behavioral2/memory/4432-15-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1784	bf9ec7314315f0d71e774b3305fd4440.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1784	bf9ec7314315f0d71e774b3305fd4440.exe
4432	bf9ec7314315f0d71e774b3305fd4440.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 4432	1784	bf9ec7314315f0d71e774b3305fd4440.exe	97
PID 1784 wrote to memory of 4432	1784	bf9ec7314315f0d71e774b3305fd4440.exe	97
PID 1784 wrote to memory of 4432	1784	bf9ec7314315f0d71e774b3305fd4440.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\bf9ec7314315f0d71e774b3305fd4440.exe

Filesize
2.7MB

MD5
08dd5f961d59a6e20d8db4fa527c2648

SHA1
1c91ca816aa5e7d988e9cdc1c2cb26c106d18475

SHA256
612c04fbb2c141911474a114967ee83c6f043231d1dc161ecf8764e6c5c1e120

SHA512
e105d55732758a47e4570b5ced68ff4d810a4fd079de9eb7afb772ef862a9ba80186c53c19d6c186c117f4172f0b1111943ef2c6011dba2a7ed14f9caa0a0fa7

Download Submit
memory/1784-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1784-1-0x0000000001B60000-0x0000000001C72000-memory.dmp

Filesize
1.1MB

Download
memory/1784-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1784-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4432-15-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4432-17-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/4432-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4432-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download