6cc2d36569d8b62e94c88f958ff7bffa0a6ccaf2f2aa2045d2aae591565e1c13

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 05:04

Target

bfe98ccf1fe3f9c43af64cbf1dda9812.exe
Size

5.3MB
MD5

bfe98ccf1fe3f9c43af64cbf1dda9812
SHA1

64cade40efbecb4544632361053b6dea231161da
SHA256

6cc2d36569d8b62e94c88f958ff7bffa0a6ccaf2f2aa2045d2aae591565e1c13
SHA512

36caae92fc0ca30aacf5bbb40e25ca510b0b9ff3cd683bceaf06ecbdfefd449b2bd328598e35f9084bea69df0adce2a9e5413c5cdff8e5084c2959e663719f74
SSDEEP

98304:Q5PxIudMWRD6eiEtmBm5zBqX5EglAqrn5OIQiHBGn5HOMJesq4ArQP0YBqX5EglZ:QNx25eFLgOqrn5OoG59e2Am0+gOqrn5B

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2384	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Executes dropped EXE 1 IoCs

pid	Process
2384	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4852-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000b000000016fa5-11.dat	upx
behavioral2/memory/2384-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4852	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4852	bfe98ccf1fe3f9c43af64cbf1dda9812.exe
2384	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 2384	4852	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	99
PID 4852 wrote to memory of 2384	4852	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	99
PID 4852 wrote to memory of 2384	4852	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	99

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Filesize
5.3MB

MD5
76c9288e0573e6a408d1c6b28fb5811f

SHA1
0a9a7dc7685ffda387e2d3487abb2274a05ded33

SHA256
f0f6e0aa5b525c0a68e90d2edfa73f440d8d0426cd38592333e5112957174cf4

SHA512
31c69a21669fb3effd9a12d0f1dae8b75aa83ba539005eb62137ae3f00e6640a1dfb630325aaa66b98113842b1cc87b07806800c35c5788c4a05783e1bdfa43e

Download Submit
memory/2384-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2384-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2384-20-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/2384-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2384-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4852-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4852-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/4852-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4852-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download