296f446785e5396967826c51b635c89f162b9ad5e3d924c8429eac9cbca4c9f3

Analysis

max time kernel
154s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 01:56

Target

bf896b1065c5698c0ea1b48368a8f6e3.exe
Size

2.9MB
MD5

bf896b1065c5698c0ea1b48368a8f6e3
SHA1

71db94f3d498b7aaec30e75fa4578c0703855f99
SHA256

296f446785e5396967826c51b635c89f162b9ad5e3d924c8429eac9cbca4c9f3
SHA512

e3e653b0124d790306c927e31e57770f7454477f752f1f5742fbcf5b1c59fa7c8a4e39ed9ffe0adf11ca11f53cc82e77efd352ebb8999cd819691afdfa55561a
SSDEEP

49152:w4KVL4KfxwBCg9Rd2zpQvVyhYedf+RP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:3KVBzp+VyhYgWRgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1328	bf896b1065c5698c0ea1b48368a8f6e3.exe

Executes dropped EXE 1 IoCs

pid	Process
1328	bf896b1065c5698c0ea1b48368a8f6e3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4556-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/1328-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4556	bf896b1065c5698c0ea1b48368a8f6e3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4556	bf896b1065c5698c0ea1b48368a8f6e3.exe
1328	bf896b1065c5698c0ea1b48368a8f6e3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 1328	4556	bf896b1065c5698c0ea1b48368a8f6e3.exe	97
PID 4556 wrote to memory of 1328	4556	bf896b1065c5698c0ea1b48368a8f6e3.exe	97
PID 4556 wrote to memory of 1328	4556	bf896b1065c5698c0ea1b48368a8f6e3.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\bf896b1065c5698c0ea1b48368a8f6e3.exe

Filesize
1.0MB

MD5
ecd5e0098426ac3a8a8c65f43a8e6832

SHA1
50382407cff98f41ed626d7e7f8bc8ed9af3f2a2

SHA256
0dab7c166a1cbd1f56020261411767b3c0e8a8e6410b9641a525059a77a0ac70

SHA512
45560c5198c7dc24ce8b991ef7c6ffd69826a7aa26ad086c62868689eb903f2c358598116ab6c6d97d7bb64da3f098a7d39c9c6ae9220ef9822a70d13248872c

Download Submit
memory/1328-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1328-14-0x0000000001E00000-0x0000000001F33000-memory.dmp

Filesize
1.2MB

Download
memory/1328-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1328-20-0x0000000005700000-0x000000000592A000-memory.dmp

Filesize
2.2MB

Download
memory/1328-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1328-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4556-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4556-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/4556-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4556-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download