55f43e1c4415e625aac76bb9891219a78cb5e440c2defd41fca9c9c894c94623

Analysis

max time kernel
153s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 07:15

Target

c02c34ad18127a3a1575f00ed7cb4b8b.exe
Size

11.7MB
MD5

c02c34ad18127a3a1575f00ed7cb4b8b
SHA1

7353ea3dc1d11abadc831776322bcd09b65649e7
SHA256

55f43e1c4415e625aac76bb9891219a78cb5e440c2defd41fca9c9c894c94623
SHA512

c33e92c559b6e884cd74c40100d4f7ee2927d49f81ac0a8172244b9c7b66095f86387540af59c42fe674dd38cfd7a74de9e697ade46855a3f5e1412dcc954b61
SSDEEP

196608:Z47XG9WCOeUW2WCH/Ao8YVQiWCOeUW2WC:ZUYdp2Fo92dp2

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1524	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Executes dropped EXE 1 IoCs

pid	Process
1524	c02c34ad18127a3a1575f00ed7cb4b8b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5020-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x001000000002324d-11.dat	upx
behavioral2/memory/1524-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5020	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5020	c02c34ad18127a3a1575f00ed7cb4b8b.exe
1524	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 1524	5020	c02c34ad18127a3a1575f00ed7cb4b8b.exe	96
PID 5020 wrote to memory of 1524	5020	c02c34ad18127a3a1575f00ed7cb4b8b.exe	96
PID 5020 wrote to memory of 1524	5020	c02c34ad18127a3a1575f00ed7cb4b8b.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe

Filesize
3.4MB

MD5
06ac1ef82bf3ac5000c3fd5f32d99ae4

SHA1
1b020840c86c2003c65de91610cc2e40e0fa4e9e

SHA256
f63548d9fea3a55d0a70e2b12086b6ad5d575c753378dafd59d181e435b9bdcf

SHA512
b2614a0dfa322869c07ac882ad7c5ae836e23f1953f27f7916a097373656a78b4694cd605d799ce421671398170f3bb79e694e3e9dec711d7ba9994ccbc80aff

Download Submit
memory/1524-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1524-14-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1524-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1524-21-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/1524-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1524-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5020-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5020-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/5020-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5020-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download