5f75d20683741d06281496fe1394b4c2e360b8fc6858b67022fa84d54bcba0fd

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 07:06

Target

caca6f894d1ce54003ef1cf905e7e70a.exe
Size

2.9MB
MD5

caca6f894d1ce54003ef1cf905e7e70a
SHA1

efe4a098229e7bc31ac1f62000ef707cee1eb961
SHA256

5f75d20683741d06281496fe1394b4c2e360b8fc6858b67022fa84d54bcba0fd
SHA512

04c72f7677e08a756d20e9aa7c64e1ed22d8783f709c12da2c8f74279a2e035f17e25364cdf90d1f9a3e07ee330b37df8a241bde3f80ef29824102c4ffc22984
SSDEEP

49152:9d9Mzqm7s5AOJZxW5zDsuNFn5vxE9P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:9dGem90ZxozDsuNP+9gg3gnl/IVUs1jl

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1136	caca6f894d1ce54003ef1cf905e7e70a.exe

Executes dropped EXE 1 IoCs

pid	Process
1136	caca6f894d1ce54003ef1cf905e7e70a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3896-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023261-11.dat	upx
behavioral2/memory/1136-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3896	caca6f894d1ce54003ef1cf905e7e70a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3896	caca6f894d1ce54003ef1cf905e7e70a.exe
1136	caca6f894d1ce54003ef1cf905e7e70a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 1136	3896	caca6f894d1ce54003ef1cf905e7e70a.exe	98
PID 3896 wrote to memory of 1136	3896	caca6f894d1ce54003ef1cf905e7e70a.exe	98
PID 3896 wrote to memory of 1136	3896	caca6f894d1ce54003ef1cf905e7e70a.exe	98

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4164 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\caca6f894d1ce54003ef1cf905e7e70a.exe

Filesize
2.9MB

MD5
9b40049da37a97488dfd575c86d1464e

SHA1
5d0d8c723261ee2c5fe06fc53a8f946389ae6a2e

SHA256
b3dc3a1101216d1e9bc219816ed118b8c1a0ab5c39cfeaf7d8ae23f79128ce19

SHA512
2a5f779f799bd5a625708876d56b8582307d2754132e5569bd00ae766047c2fde49f161945b4cfbe67a377fbb170c60876ddff48a1bdb1acdc53dfb431551053

Download Submit
memory/1136-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1136-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1136-14-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/1136-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/1136-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1136-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3896-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3896-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/3896-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3896-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download