f275e6e3ff829cd2b588139359501693b3c854ea691a0d4833cb3786b3b4011d

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 02:00

Target

ca30cae584cd5c929c724644fdb937a0.exe
Size

5.8MB
MD5

ca30cae584cd5c929c724644fdb937a0
SHA1

838bdeda748340a92c028b8fbf74f06a4a945e26
SHA256

f275e6e3ff829cd2b588139359501693b3c854ea691a0d4833cb3786b3b4011d
SHA512

e01149a5d3fea06185864bee6f5e9736063fc4444917f04cb1ac93e9d67567e50639459ded4f9a92a88bc47db0792d779a4e5addec9ab16b39d08ad1ea6a6564
SSDEEP

98304:PAUsibXe3Wgf4HBUCczzM3AL4WSoJM14HBUCczzM3:IA2WgwWCbWSoWOWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5004	ca30cae584cd5c929c724644fdb937a0.exe

Executes dropped EXE 1 IoCs

pid	Process
5004	ca30cae584cd5c929c724644fdb937a0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1952-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023331-10.dat	upx
behavioral2/memory/5004-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1952	ca30cae584cd5c929c724644fdb937a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1952	ca30cae584cd5c929c724644fdb937a0.exe
5004	ca30cae584cd5c929c724644fdb937a0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 5004	1952	ca30cae584cd5c929c724644fdb937a0.exe	94
PID 1952 wrote to memory of 5004	1952	ca30cae584cd5c929c724644fdb937a0.exe	94
PID 1952 wrote to memory of 5004	1952	ca30cae584cd5c929c724644fdb937a0.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3528 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
1⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe

Filesize
5.8MB

MD5
0d630435bfa587aee3f98ea87ffa5dfc

SHA1
810b305436531571d30ff29d584f219e90ed58af

SHA256
ab741bafa1be18545753cf67084f4cae894a17210e95b3347c2e1379aaa907f0

SHA512
528b172fea1f4e42c1d3accc8a135f37128c20d3c9c4c70a828e2e7c11b1431e5c51b4280dd24271c0998ef35aa26e5f35e89493bcbe698efd691eb468b0cc70

Download Submit
memory/1952-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1952-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/1952-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1952-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5004-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5004-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5004-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5004-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5004-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/5004-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download