dbccaac32657103bb3f8f39dfb206530a74d7fbac4e2d2e8d81e73d906b0a5d3

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 10:54

Target

e17d86624bda3aa1d9289ec70f36ee22.exe
Size

2.9MB
MD5

e17d86624bda3aa1d9289ec70f36ee22
SHA1

8a7b1bf6c3fa44643c1bff3f89cd322f630aa278
SHA256

dbccaac32657103bb3f8f39dfb206530a74d7fbac4e2d2e8d81e73d906b0a5d3
SHA512

41ece602f4b9feffe314233a42744dda24b75e2c37f4de0fe7a506598eb16360dbae44ee5889c031635567d41e8f4bd28c237942d8329ebd6a6a9ecbaac21a49
SSDEEP

49152:DLh2M3xoAOIgEbY0Rnv9QR4ulSP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:QMaRIg/YQR4ulSgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1900	e17d86624bda3aa1d9289ec70f36ee22.exe

Executes dropped EXE 1 IoCs

pid	Process
1900	e17d86624bda3aa1d9289ec70f36ee22.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1272-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/1900-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1272	e17d86624bda3aa1d9289ec70f36ee22.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1272	e17d86624bda3aa1d9289ec70f36ee22.exe
1900	e17d86624bda3aa1d9289ec70f36ee22.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 1900	1272	e17d86624bda3aa1d9289ec70f36ee22.exe	96
PID 1272 wrote to memory of 1900	1272	e17d86624bda3aa1d9289ec70f36ee22.exe	96
PID 1272 wrote to memory of 1900	1272	e17d86624bda3aa1d9289ec70f36ee22.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\e17d86624bda3aa1d9289ec70f36ee22.exe

Filesize
2.9MB

MD5
aadc66402edd411ca806758067b2cde8

SHA1
5604303f35614f56ae4d3334b6377ebf0e1aa63f

SHA256
d5ae7d35fe4402aa7b396ff4a65b07130e5e6476805cbb8a842cf58f066d6422

SHA512
dee751ffcaca9bebcffae55bd297d386c8639ae14f9dab3349254b485611c0c6680c88b407380e5fb6d3c9f4a25cf2e5f0c0d935b0595599ecb5a7646316415d

Download Submit
memory/1272-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1272-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1272-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1272-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1900-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1900-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1900-15-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/1900-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/1900-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1900-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download