e1c622bca17051440ca951ebdb0ee41e91f80de56ac97295b2dc5ed12d6e91bf

Analysis

max time kernel
154s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 05:07

Target

cd2f6136abf2ba057317c551ee919eb8.exe
Size

5.8MB
MD5

cd2f6136abf2ba057317c551ee919eb8
SHA1

7a568cdaec3454cce146433236656e860752dcaf
SHA256

e1c622bca17051440ca951ebdb0ee41e91f80de56ac97295b2dc5ed12d6e91bf
SHA512

cb1d2ec45b4dc9b058c5a1fad4e0926026901fe933fe8712915e313ac17261179b137713c626e71ff0d51fe5b837cb0dde0fc8417a30f1e705444e938c0aa3b8
SSDEEP

98304:m15lcSS6YNBkPQHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:mHqDVNG6auq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3112	cd2f6136abf2ba057317c551ee919eb8.exe

Executes dropped EXE 1 IoCs

pid	Process
3112	cd2f6136abf2ba057317c551ee919eb8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3964-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000002325d-11.dat	upx
behavioral2/memory/3112-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3964	cd2f6136abf2ba057317c551ee919eb8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3964	cd2f6136abf2ba057317c551ee919eb8.exe
3112	cd2f6136abf2ba057317c551ee919eb8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 3112	3964	cd2f6136abf2ba057317c551ee919eb8.exe	95
PID 3964 wrote to memory of 3112	3964	cd2f6136abf2ba057317c551ee919eb8.exe	95
PID 3964 wrote to memory of 3112	3964	cd2f6136abf2ba057317c551ee919eb8.exe	95

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\cd2f6136abf2ba057317c551ee919eb8.exe

Filesize
3.6MB

MD5
66eb59e92263f97092af77c03178334f

SHA1
5ddd61449adb2b2007632406e4a8d4cf3dadeadb

SHA256
49d45d64f959e9e7445040b592e25c469ef239ec71e3188ecac87f4b9d078499

SHA512
9102468f3691fd052aba502b00dc6f4b21dda8db03f2ea2d92a333a47bed4ee30b6c27ab81a09a8a2b64187dc732d104857399582e1e758e1df67295661a2170

Download Submit
memory/3112-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3112-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3112-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3112-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/3112-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3112-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3964-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3964-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3964-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3964-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download