4d0b45d7dddf2191333de10b223854693d3c1f50d69f38cae2205f113392603a

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7be18e450d44e47f617981e18a88d6.exe
Size

251KB
MD5

de7be18e450d44e47f617981e18a88d6
SHA1

3b4ecf60eebd3d2244c03eeb77f90256b91cb7c2
SHA256

4d0b45d7dddf2191333de10b223854693d3c1f50d69f38cae2205f113392603a
SHA512

211c227d86333be7a93e0daa5fddda7d911d9d0a4740fbef2b38bb768310a66e15a1d6c4e801d12762d25fa327855930da293091d9b1cc9a7bea5be53cbc10bc
SSDEEP

3072:yvoTzGGSUPSdSxcAYV67MmoX5FC3wFrB4mNPkCIh6VNZTU4UCnQFrkd:IcszVxNZ4aX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4128-0-0x0000000000400000-0x0000000000441000-memory.dmp	upx
behavioral2/memory/4128-7-0x0000000000400000-0x0000000000441000-memory.dmp	upx

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 4128 set thread context of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 set thread context of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 set thread context of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 set thread context of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 set thread context of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 set thread context of 0	4128	de7be18e450d44e47f617981e18a88d6.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4408	de7be18e450d44e47f617981e18a88d6.exe
4408	de7be18e450d44e47f617981e18a88d6.exe
4408	de7be18e450d44e47f617981e18a88d6.exe
4408	de7be18e450d44e47f617981e18a88d6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4128	de7be18e450d44e47f617981e18a88d6.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 4408	4128	de7be18e450d44e47f617981e18a88d6.exe	96
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4128 wrote to memory of 0	4128	de7be18e450d44e47f617981e18a88d6.exe
PID 4408 wrote to memory of 3552	4408	de7be18e450d44e47f617981e18a88d6.exe	56
PID 4408 wrote to memory of 3552	4408	de7be18e450d44e47f617981e18a88d6.exe	56
PID 4408 wrote to memory of 3552	4408	de7be18e450d44e47f617981e18a88d6.exe	56
PID 4408 wrote to memory of 3552	4408	de7be18e450d44e47f617981e18a88d6.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3552
- C:\Users\Admin\AppData\Local\Temp\de7be18e450d44e47f617981e18a88d6.exe
  "C:\Users\Admin\AppData\Local\Temp\de7be18e450d44e47f617981e18a88d6.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\de7be18e450d44e47f617981e18a88d6.exe
    "C:\Users\Admin\AppData\Local\Temp\de7be18e450d44e47f617981e18a88d6.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3552-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3552-10-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/4128-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4128-7-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/4408-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4408-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4408-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4408-8-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4408-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download