e52d0c415dde2d6da9c5b3c357fbab265c020684cd3e287533e2ca0d79890a2c

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 06:50

Target

cd64790e24e9046f362574187c17a511.exe
Size

5.8MB
MD5

cd64790e24e9046f362574187c17a511
SHA1

9a61e2d780cd4e1138f03042c030cfc62d6d04eb
SHA256

e52d0c415dde2d6da9c5b3c357fbab265c020684cd3e287533e2ca0d79890a2c
SHA512

90838be5d255a6d5872626563648173163fa686a65408acc4b17fe6408b711eba7a3e2ab189ab0cdff6348335c5b953158a6d4f5ddf14762a2394d2cd20cd406
SSDEEP

98304:Hzp5qjtsizFJyaGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:H2jOiryUGhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4904	cd64790e24e9046f362574187c17a511.exe

Executes dropped EXE 1 IoCs

pid	Process
4904	cd64790e24e9046f362574187c17a511.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1548-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0002000000022ea1-11.dat	upx
behavioral2/memory/4904-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1548	cd64790e24e9046f362574187c17a511.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1548	cd64790e24e9046f362574187c17a511.exe
4904	cd64790e24e9046f362574187c17a511.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 4904	1548	cd64790e24e9046f362574187c17a511.exe	101
PID 1548 wrote to memory of 4904	1548	cd64790e24e9046f362574187c17a511.exe	101
PID 1548 wrote to memory of 4904	1548	cd64790e24e9046f362574187c17a511.exe	101

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4232 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\cd64790e24e9046f362574187c17a511.exe

Filesize
5.0MB

MD5
55dd99e4190e7b4dec739abf70974dde

SHA1
ddbd852fa7287de21e83b1ecc64be962ace62c39

SHA256
afd6b76e9f7a5be1e06e90c12e6b12bf0aca043059b83e18ea6eaa4d36ceb7e7

SHA512
17a3632dcbcde4c6d8d04f0e14055912b1f8703aa4836df6a91e7954d2e50f5f520b45019a2152dddfbaa9927d7c037218fd0c11bcfe360ad0b30d1417c627d8

Download Submit
memory/1548-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1548-1-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/1548-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1548-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4904-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4904-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4904-15-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/4904-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/4904-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4904-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download