209522b9279dd439ee65a6ec160f0c199478437e5ad40e867b2858acf9adc1d7

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 08:07

Target

e12ef03ab61e0a7869790d994d14bf34.exe
Size

2.5MB
MD5

e12ef03ab61e0a7869790d994d14bf34
SHA1

85d3557a96dfa481123260ea2b3c95a685ba6672
SHA256

209522b9279dd439ee65a6ec160f0c199478437e5ad40e867b2858acf9adc1d7
SHA512

d032b71ed282220024bc3164dc6319fe2f569801843e3f8d8f004f871e9bea7ab2241c390373a3ebb18a685190107e0ffe53bcaac52b3c78ea485f410f7a0fba
SSDEEP

49152:K92iAZUYDAq32erkMlcZHPZMlTdih8xpON74NH5HUyNRcUsCVOzet0:KUiAZb3HrFSHCh+4HBUCczz9

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1020	e12ef03ab61e0a7869790d994d14bf34.exe

Executes dropped EXE 1 IoCs

pid	Process
1020	e12ef03ab61e0a7869790d994d14bf34.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2780-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/1020-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2780	e12ef03ab61e0a7869790d994d14bf34.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2780	e12ef03ab61e0a7869790d994d14bf34.exe
1020	e12ef03ab61e0a7869790d994d14bf34.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 1020	2780	e12ef03ab61e0a7869790d994d14bf34.exe	97
PID 2780 wrote to memory of 1020	2780	e12ef03ab61e0a7869790d994d14bf34.exe	97
PID 2780 wrote to memory of 1020	2780	e12ef03ab61e0a7869790d994d14bf34.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\e12ef03ab61e0a7869790d994d14bf34.exe

Filesize
1.7MB

MD5
d7a642d93fd833d4561075275582ba6a

SHA1
eb0fea01774bfd5450d1ac56e6c069326644259b

SHA256
4a354274892408dfd2a5a5b7cd29707ad586bcfc2612f32303fcf20c7a4c45cf

SHA512
ea9cf1cef1b498613f89800f2f9c13733eba29dcaca6f5ed1f5ec9c1d48f0607dfc05bc5eeec5d13db8ca8a59464d31ebe911f7876c6e538e619d59be6d622ef

Download Submit
memory/1020-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1020-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1020-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1020-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/1020-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1020-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2780-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2780-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2780-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2780-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download