68f25f3a7885b9400a807a26a5bf31811da1822b5ef06009b9d2376320429622

Analysis

max time kernel
155s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 17:03

Target

d40bfe90467a45d9b2d8046bb4de8fd0.exe
Size

5.3MB
MD5

d40bfe90467a45d9b2d8046bb4de8fd0
SHA1

e4053b4cd8d0737c94cad2814e7acdbe9458d812
SHA256

68f25f3a7885b9400a807a26a5bf31811da1822b5ef06009b9d2376320429622
SHA512

e7b142c63fb67ae8bccf6ed176fff8a61fe65c9ca068b77d1928ccaefa7f9cc087d7aede42e69773752eed2cdcf893e538c447565fc9b1b1e44dabdd0d2c9fc6
SSDEEP

98304:BzjEz9PlN72dHY3attPCfuzR8dOIiHPjpaiK077PCodHY3attPCfuzR8dOIiHj:Bzoz9Pf72d6atXR8dOhv1anGr6atXR8o

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1664	d40bfe90467a45d9b2d8046bb4de8fd0.exe

Executes dropped EXE 1 IoCs

pid	Process
1664	d40bfe90467a45d9b2d8046bb4de8fd0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1804-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0008000000023256-11.dat	upx
behavioral2/memory/1664-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1804	d40bfe90467a45d9b2d8046bb4de8fd0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1804	d40bfe90467a45d9b2d8046bb4de8fd0.exe
1664	d40bfe90467a45d9b2d8046bb4de8fd0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1664	1804	d40bfe90467a45d9b2d8046bb4de8fd0.exe	97
PID 1804 wrote to memory of 1664	1804	d40bfe90467a45d9b2d8046bb4de8fd0.exe	97
PID 1804 wrote to memory of 1664	1804	d40bfe90467a45d9b2d8046bb4de8fd0.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\d40bfe90467a45d9b2d8046bb4de8fd0.exe

Filesize
3.1MB

MD5
5d94604dd4413bff847da7e6b0ca4ae7

SHA1
05df4d1bd6bf817b41ba02d3f2d20f4557d72cc4

SHA256
e00b0527d61880bf2910dd9892f494df9659ff5bc3d48b8d6686810588aa2914

SHA512
29ab4cfccc21a552b81ee06978dd52d4bd9fd1ea85905cc752b0d0682cd06e67ff3f1be61d9558115b9a7e791b16dec650d33c9487f40f11b1303ca64f116b30

Download Submit
memory/1664-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1664-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1664-14-0x0000000001D60000-0x0000000001E91000-memory.dmp

Filesize
1.2MB

Download
memory/1664-20-0x0000000005650000-0x0000000005872000-memory.dmp

Filesize
2.1MB

Download
memory/1664-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1664-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1804-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1804-1-0x0000000001D10000-0x0000000001E41000-memory.dmp

Filesize
1.2MB

Download
memory/1804-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1804-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download