5d8ac617f593aabd6fb38dd1a73e1f21a51bea8a2ff6145a87a58583a73f1fcf

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 06:17

Target

cab129bebe44a8b9c3af7a546601e2fd.exe
Size

1.5MB
MD5

cab129bebe44a8b9c3af7a546601e2fd
SHA1

e903339e66bb1e5a8df3a5428837e79e17f4bde6
SHA256

5d8ac617f593aabd6fb38dd1a73e1f21a51bea8a2ff6145a87a58583a73f1fcf
SHA512

35ffc7bd730dfe426d19854caf55a7c69669e9193bcbdc09daf2d950461e5676914f2adcba6f8f6b7a27b5184c93bc3851bbaa67145dd64064095d8c97c0ac95
SSDEEP

24576:ssC97EJAIxK0kjSgEo5Gyaa+qXyyHu46DDlC+7QRe7d++iBIN7ixfEW:ssC9gJponOLu/+Q3KVjyINexc

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3608	cab129bebe44a8b9c3af7a546601e2fd.exe

Executes dropped EXE 1 IoCs

pid	Process
3608	cab129bebe44a8b9c3af7a546601e2fd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4460-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023290-11.dat	upx
behavioral2/memory/3608-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4460	cab129bebe44a8b9c3af7a546601e2fd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4460	cab129bebe44a8b9c3af7a546601e2fd.exe
3608	cab129bebe44a8b9c3af7a546601e2fd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 3608	4460	cab129bebe44a8b9c3af7a546601e2fd.exe	97
PID 4460 wrote to memory of 3608	4460	cab129bebe44a8b9c3af7a546601e2fd.exe	97
PID 4460 wrote to memory of 3608	4460	cab129bebe44a8b9c3af7a546601e2fd.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\cab129bebe44a8b9c3af7a546601e2fd.exe

Filesize
1.2MB

MD5
fbfde1ba65ac014845828a630327efcf

SHA1
02fc1e08f26508da5e9e0ffc6d4197c89d6264dc

SHA256
41f987c70ccd3be9585408727a9703b99685c6c0475dee7dc4fd8a8dbcb72ba4

SHA512
8f8e6340602b913d21690f2d18715e00dafe4f76328338c28e0dec5c3436c7e667c1dd304aa58200c52d856e13feaf1951945d1999c1f3bca9b06af22340ca60

Download Submit
memory/3608-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3608-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3608-14-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/3608-20-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/3608-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3608-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4460-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4460-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/4460-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4460-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download