874ef0285f7a6e2b5b8dd3ae445235ffaa02c37ff386a394c7010f182b7043d2

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 11:38

Target

df11b6cdfd217c00043b3b1d962cd554.exe
Size

1.5MB
MD5

df11b6cdfd217c00043b3b1d962cd554
SHA1

883dcf8ff5867ea6961debebd9022a2dbba1434f
SHA256

874ef0285f7a6e2b5b8dd3ae445235ffaa02c37ff386a394c7010f182b7043d2
SHA512

54ea6abdec30cdbd44f9c0d8a9d1c197b45188e12c3ff7fdbee5021b875c37c61183ada0d2cb0078b0cc5f9caae13f67bafe75192580f91b3df58afcdc01f5e1
SSDEEP

24576:YjR6HqS8AaX+0s8mSO4NgzYQD/u6mmhg7Um5nBFg/oU/U7CrExnwCli6tUW:y6naO0jmvhX/uFmhg7d5nwA3hw+tU

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3308	df11b6cdfd217c00043b3b1d962cd554.exe

Executes dropped EXE 1 IoCs

pid	Process
3308	df11b6cdfd217c00043b3b1d962cd554.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2128-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023285-11.dat	upx
behavioral2/memory/3308-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	df11b6cdfd217c00043b3b1d962cd554.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	df11b6cdfd217c00043b3b1d962cd554.exe
3308	df11b6cdfd217c00043b3b1d962cd554.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 3308	2128	df11b6cdfd217c00043b3b1d962cd554.exe	97
PID 2128 wrote to memory of 3308	2128	df11b6cdfd217c00043b3b1d962cd554.exe	97
PID 2128 wrote to memory of 3308	2128	df11b6cdfd217c00043b3b1d962cd554.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\df11b6cdfd217c00043b3b1d962cd554.exe

Filesize
1.4MB

MD5
997fa3b6d4520c7d9f40f3750a1cbefa

SHA1
1a030e26810fbdd048d15a56127fc71ce973dde0

SHA256
0ddc4b7e22e77d11e895a2970daaa5e87ce4ca6791f4b4c71b6e3cb0a462d311

SHA512
bc12cb2e49bbedbd077236636306c017fa2dc7463f345b2736a3e2b97bdc114d5eb1aa559895509b78dbc5955c0776adc0767670dc0e19b9951def1d72ebddb9

Download Submit
memory/2128-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2128-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2128-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3308-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3308-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3308-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3308-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/3308-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3308-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download