59bcfa28629920a9e3aa27412cbeb6c40f83f81b399f80838de5683e5e91b744

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 11:43

Target

c082c91a901d0a9db013d9b3d684f558.exe
Size

1.5MB
MD5

c082c91a901d0a9db013d9b3d684f558
SHA1

11a43c154e54d374ddf91bca2714c7fd0f5addef
SHA256

59bcfa28629920a9e3aa27412cbeb6c40f83f81b399f80838de5683e5e91b744
SHA512

beb6fc96ca1824660baa3d7ec7e470c9e9522b1a56c71470bb21c61c1961aa61a8225266fb785537b124729b67e2b937dc71428280fa2f3f4565b0580ec66fc6
SSDEEP

24576:sb3ipKbtw7Wke2uvvUJfUJYq7x5MgQwQdEno+b9D5eP5AgXVbBxW:ayWQ3LJOujOo69QLVn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4404	c082c91a901d0a9db013d9b3d684f558.exe

Executes dropped EXE 1 IoCs

pid	Process
4404	c082c91a901d0a9db013d9b3d684f558.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4544-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/4404-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4544	c082c91a901d0a9db013d9b3d684f558.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4544	c082c91a901d0a9db013d9b3d684f558.exe
4404	c082c91a901d0a9db013d9b3d684f558.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4404	4544	c082c91a901d0a9db013d9b3d684f558.exe	95
PID 4544 wrote to memory of 4404	4544	c082c91a901d0a9db013d9b3d684f558.exe	95
PID 4544 wrote to memory of 4404	4544	c082c91a901d0a9db013d9b3d684f558.exe	95

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe

Filesize
1.5MB

MD5
933dbc82694b392a5e98ff023706b295

SHA1
945233adb9c0834e31e2ea76434915c90964519e

SHA256
6d603b34b7290fe88fd836f682520130a47514b25d3ddb5295204edde9f4e01b

SHA512
4823ca6a1ba982e26e0604272b64653e14c8977575105dd0948942637908596fb4cb69dc9fe2a879557897a4ea83ffbe300308ce3f2d42ed5e467bfa581fdb21

Download Submit
memory/4404-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4404-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4404-14-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/4404-20-0x0000000005680000-0x00000000058AA000-memory.dmp

Filesize
2.2MB

Download
memory/4404-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4404-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4544-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4544-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4544-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4544-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download