048012ea75b71c341b5475a2cffa9030fec5afec3ff0462c40033a9512a9af09

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 06:23

Target

e0fa87d28d74e7ca46faff9157201651.exe
Size

2.9MB
MD5

e0fa87d28d74e7ca46faff9157201651
SHA1

5228db8dda9bc699a1f897cbeb32164907f7b095
SHA256

048012ea75b71c341b5475a2cffa9030fec5afec3ff0462c40033a9512a9af09
SHA512

fcce8a19235d375d9fe75e957ac29cc4f65798b146156195bcc373310b02dfe5a640d7cda82527a0fd1b8f2c93a88a776fe35b6bf655147b7923bfd746e0f06e
SSDEEP

49152:nA7Fzbk66sjp5lna47WXEhA4uFvclFlnE4SN74NH5HUyNRcUsCVOzetdZJ:wFZ/Dlna4Clcw4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
636	e0fa87d28d74e7ca46faff9157201651.exe

Executes dropped EXE 1 IoCs

pid	Process
636	e0fa87d28d74e7ca46faff9157201651.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/776-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000002332d-11.dat	upx
behavioral2/memory/636-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
776	e0fa87d28d74e7ca46faff9157201651.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
776	e0fa87d28d74e7ca46faff9157201651.exe
636	e0fa87d28d74e7ca46faff9157201651.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 636	776	e0fa87d28d74e7ca46faff9157201651.exe	96
PID 776 wrote to memory of 636	776	e0fa87d28d74e7ca46faff9157201651.exe	96
PID 776 wrote to memory of 636	776	e0fa87d28d74e7ca46faff9157201651.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3468 --field-trial-handle=2320,i,3025503729105798828,9325691672526736153,262144 --variations-seed-version /prefetch:8
1⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\e0fa87d28d74e7ca46faff9157201651.exe

Filesize
2.9MB

MD5
f892f9b54d98520701f94a31914e411f

SHA1
27f47f007565027ede7e91578e83589a1a2d3d3e

SHA256
1371bbf52553c9fc724a23e817dfa06b611bcfb829f747c59bd1530f94d22edc

SHA512
918494000c03081de2ada7ca63292d40364885935c24ecb6216db322110d3c11a8ce81ef69172f2176fd6a47909c93ef1355decdd07e56f221d473dab9568ca7

Download Submit
memory/636-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/636-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/636-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/636-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/636-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/636-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/776-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/776-1-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/776-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/776-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download