a08c13d147af320744ec2b4422b5691112fb4373c2589723b85161da7d3d0412

Analysis

max time kernel
161s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 02:44

Target

c77a94d04ac39a8e6d7a535ff37e94c0.exe
Size

24KB
MD5

c77a94d04ac39a8e6d7a535ff37e94c0
SHA1

c3c02e002f4dfcc658efda21475dd60e631e14e0
SHA256

a08c13d147af320744ec2b4422b5691112fb4373c2589723b85161da7d3d0412
SHA512

9d491b73d5b54b5b2b7c67b7dc01d12322b3a7039ccfd4b715555ec82800bb03c61d05f9e869e34479f289d8c2bc58ac3f00abffe5891e86ab1e92124ad9d080
SSDEEP

384:Deq8c65XkVkdni07R9nZAeHS26bwflGJmfnZl0W2aOjY3f/doAfgpTTJ:98cGw0nH9nueHS2pf1nbJoY3f/J0J

Score

7^/10

upx

Loads dropped DLL 2 IoCs

pid	Process
3140	c77a94d04ac39a8e6d7a535ff37e94c0.exe
3140	c77a94d04ac39a8e6d7a535ff37e94c0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2248-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/2248-6-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/3140-10-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\1234567Nt.mid	c77a94d04ac39a8e6d7a535ff37e94c0.exe
File created	C:\Program Files\Internet Explorer\7654321t.321	c77a94d04ac39a8e6d7a535ff37e94c0.exe
File created	C:\Program Files\Internet Explorer\1234567Nt.mid	c77a94d04ac39a8e6d7a535ff37e94c0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3140	c77a94d04ac39a8e6d7a535ff37e94c0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3140	2248	c77a94d04ac39a8e6d7a535ff37e94c0.exe	98
PID 2248 wrote to memory of 3140	2248	c77a94d04ac39a8e6d7a535ff37e94c0.exe	98
PID 2248 wrote to memory of 3140	2248	c77a94d04ac39a8e6d7a535ff37e94c0.exe	98

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3256

C:\Program Files\Internet Explorer\1234567Nt.mid

Filesize
24KB

MD5
12c8d90b7079a3ca0a3d7d34d21d626b

SHA1
8b6813079fcaaca83fc8b8a588879ab2ab47da63

SHA256
f561fa0f8c4940faccbec6f59aac9d7742c438d880ea49290c3f2a0e42d021b0

SHA512
634f9583f663ee2a26ca56dc574643a23bff716289904ab723ec7fcbdbda2e615fc4e4b91443f193e2a026609d789d6cf6238bf5fe6fae63949621f2317addf8

Download Submit
C:\Program Files\Internet Explorer\7654321t.321

Filesize
30KB

MD5
0073c2a4292ba34923d444409203782a

SHA1
eb74f46a41a641b5e6341c030731dcabd4f349b7

SHA256
541f378239a50a10eb3480f78a79d920c918d458bf80f190bafb70a896bc2fb7

SHA512
70dd97bfe20383216ed9abca51216f1f693292d336bcb27e786e50aeab1163a4d1ff90eb90ef68fb81f28df762be574c034b4afe539cfec030dd8b431dcd7302

Download Submit
memory/2248-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2248-6-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3140-9-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download
memory/3140-10-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3140-11-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download
memory/3140-27-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download