0ed3e6a0dfbaaefa5365705000a9413cdcc80af611764e9aeb5f252de5e2052b

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:35

Target

c16ca5f218a546d6e366de26b1662d86.exe
Size

744KB
MD5

c16ca5f218a546d6e366de26b1662d86
SHA1

d88ddd6a68106e5fd01ba49a5bbd5cd2c83189c3
SHA256

0ed3e6a0dfbaaefa5365705000a9413cdcc80af611764e9aeb5f252de5e2052b
SHA512

23344cf65143e88a77ddb581dbae982cbcc8f959d5b57472b0199c6c8ca7a5510f1e60bb8f1516dbef6f6175438ff1aee5ac73521d2194f815acd92858ad71f2
SSDEEP

12288:uaHc64b888888888888W888888888889jscV7TdjL47zdU5imqsX3sv33rD+zG/S:F86IIW7uvmQBsHUezG/aYFkJR30F6rpn

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2264	c16ca5f218a546d6e366de26b1662d86.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	23	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2264	5096	c16ca5f218a546d6e366de26b1662d86.exe	95
PID 5096 wrote to memory of 2264	5096	c16ca5f218a546d6e366de26b1662d86.exe	95
PID 5096 wrote to memory of 2264	5096	c16ca5f218a546d6e366de26b1662d86.exe	95

C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe
"C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Users\Admin\AppData\Local\Temp\is-QDTQA.tmp\c16ca5f218a546d6e366de26b1662d86.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QDTQA.tmp\c16ca5f218a546d6e366de26b1662d86.tmp" /SL5="$100052,371795,121344,C:\Users\Admin\AppData\Local\Temp\c16ca5f218a546d6e366de26b1662d86.exe"
  2⤵
  - Executes dropped EXE
  PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:416

C:\Users\Admin\AppData\Local\Temp\is-QDTQA.tmp\c16ca5f218a546d6e366de26b1662d86.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/2264-6-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2264-9-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2264-11-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2264-12-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2264-32-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5096-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5096-8-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5096-34-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download