4b228826b48d7df73593874662ae2fe84ae90a739d6dce21700f69ace9f88b35

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 02:34

Target

ca43a44ce6383427ed75dbdfee0a3bda.exe
Size

3.9MB
MD5

ca43a44ce6383427ed75dbdfee0a3bda
SHA1

f7276d83ced99f9d4c12d20c2ea56c9d0287003e
SHA256

4b228826b48d7df73593874662ae2fe84ae90a739d6dce21700f69ace9f88b35
SHA512

7b56f79deedd10529a9eb84eeaa0ce64e06e7e57f5e846c7222f1d6476f6d51860e784e39a908652fa51cac1400e9d5220e420c121700ca118de36dc471448f9
SSDEEP

98304:gW7CofVMAgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:F7NV5gl/iwgWttJgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1316	ca43a44ce6383427ed75dbdfee0a3bda.exe

Executes dropped EXE 1 IoCs

pid	Process
1316	ca43a44ce6383427ed75dbdfee0a3bda.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2112-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000001db2a-11.dat	upx
behavioral2/memory/1316-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2112	ca43a44ce6383427ed75dbdfee0a3bda.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2112	ca43a44ce6383427ed75dbdfee0a3bda.exe
1316	ca43a44ce6383427ed75dbdfee0a3bda.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1316	2112	ca43a44ce6383427ed75dbdfee0a3bda.exe	93
PID 2112 wrote to memory of 1316	2112	ca43a44ce6383427ed75dbdfee0a3bda.exe	93
PID 2112 wrote to memory of 1316	2112	ca43a44ce6383427ed75dbdfee0a3bda.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4192 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
1⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe

Filesize
1.8MB

MD5
b35fef0907be578d5eaa4858ee95c7fd

SHA1
f698d02a370acfce7f1d2b3e74b0cdaa4165f9f4

SHA256
ad35eeba00fb3687ff62b6a3e575ee3790cbfa763ce95b1dcc1573a08809b0c8

SHA512
c8e3a6a4f27db86158df7ba6a14e4beea42616ff044e4cf4472613f9404e9e9cb5539d2cd278ae8e3e608815b523249f763372bc78b73168e8bda69f9dce8153

Download Submit
memory/1316-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1316-14-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/1316-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1316-20-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/1316-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1316-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2112-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2112-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2112-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2112-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download