897d789f6034926017ff4496f72dcafb17c7fc06e2f7bb68ecd7877c68424448

Analysis

max time kernel
162s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 02:46

Target

bfa41eefb04ae0eac30ef2eff1904ce4.exe
Size

4.1MB
MD5

bfa41eefb04ae0eac30ef2eff1904ce4
SHA1

3056141e5f4b316c75f071a6906bec8dee86713c
SHA256

897d789f6034926017ff4496f72dcafb17c7fc06e2f7bb68ecd7877c68424448
SHA512

fb5bf92d42b5f72748951cde154638d3f2246bd66455936d62fca529a20d850953a7a9074686817b182a89555a1fe1ed7ef5061d60991c344c757fdc3c9fb33b
SSDEEP

98304:QNWg6usBFthivcrmEXm4ZsEWIzhLAbb+xoEcEQp3rciRgJ:BXusBnUvcyE24ZsFsA+xVycygJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3104	bfa41eefb04ae0eac30ef2eff1904ce4.tmp

Loads dropped DLL 1 IoCs

pid	Process
3104	bfa41eefb04ae0eac30ef2eff1904ce4.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 3104	3720	bfa41eefb04ae0eac30ef2eff1904ce4.exe	97
PID 3720 wrote to memory of 3104	3720	bfa41eefb04ae0eac30ef2eff1904ce4.exe	97
PID 3720 wrote to memory of 3104	3720	bfa41eefb04ae0eac30ef2eff1904ce4.exe	97

C:\Users\Admin\AppData\Local\Temp\bfa41eefb04ae0eac30ef2eff1904ce4.exe
"C:\Users\Admin\AppData\Local\Temp\bfa41eefb04ae0eac30ef2eff1904ce4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Users\Admin\AppData\Local\Temp\is-PUQGT.tmp\bfa41eefb04ae0eac30ef2eff1904ce4.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PUQGT.tmp\bfa41eefb04ae0eac30ef2eff1904ce4.tmp" /SL5="$C0050,3941934,54272,C:\Users\Admin\AppData\Local\Temp\bfa41eefb04ae0eac30ef2eff1904ce4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\is-PUQGT.tmp\bfa41eefb04ae0eac30ef2eff1904ce4.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QQVA0.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
memory/3104-8-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/3104-20-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3104-22-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3104-23-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/3720-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3720-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3720-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download