b78d97bb58e7aa39565ebee84b814808482b97dc21926420d09c6ed2a2530303

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 12:14

Target

e1a4267c475a0a9a2c92e312246e93d1.exe
Size

1.3MB
MD5

e1a4267c475a0a9a2c92e312246e93d1
SHA1

bb09a7693bc71f759a96659653e1db802e0699a7
SHA256

b78d97bb58e7aa39565ebee84b814808482b97dc21926420d09c6ed2a2530303
SHA512

3b7b9ebaa0659c6d8b1dacac2732673ce5acc9d0b4f5c03ef2f52b00faacc301455f21a36a0de873aaaa3f096bcbd3670b83be9037afe11e6ee623790a682d32
SSDEEP

24576:tLpRbBEIZSWon/RxCroPZe0RcnRdbMfrnRmtmS0HxvG:rRbBEI2n5gAY0RcnbwfrRmy

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5020	e1a4267c475a0a9a2c92e312246e93d1.exe

Executes dropped EXE 1 IoCs

pid	Process
5020	e1a4267c475a0a9a2c92e312246e93d1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4008-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x0009000000023306-13.dat	upx
behavioral2/memory/5020-15-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4008	e1a4267c475a0a9a2c92e312246e93d1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4008	e1a4267c475a0a9a2c92e312246e93d1.exe
5020	e1a4267c475a0a9a2c92e312246e93d1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 5020	4008	e1a4267c475a0a9a2c92e312246e93d1.exe	94
PID 4008 wrote to memory of 5020	4008	e1a4267c475a0a9a2c92e312246e93d1.exe	94
PID 4008 wrote to memory of 5020	4008	e1a4267c475a0a9a2c92e312246e93d1.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=736 --field-trial-handle=2228,i,17475224967547320003,13667387715861799238,262144 --variations-seed-version /prefetch:8
1⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\e1a4267c475a0a9a2c92e312246e93d1.exe

Filesize
1.3MB

MD5
f532419a2fe6db897bcaa61b5bc2bb8a

SHA1
60db7bfc5bfde34c53b7a8cda437112ae10878ff

SHA256
2277746601434484a1ef5ed97e6488464d5cd1e6d1e3e2c30d787260287475dc

SHA512
335eb0bd5024ae9fc5b99549ffd11afb78713772ca8aa3cf4119f8fb4e2646fe32236f12953640568d93cf0830ed6f407c4e92a54d2f67480070ec2e5799c5eb

Download Submit
memory/4008-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4008-1-0x0000000001C30000-0x0000000001D42000-memory.dmp

Filesize
1.1MB

Download
memory/4008-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4008-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/5020-15-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/5020-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/5020-17-0x0000000001CD0000-0x0000000001DE2000-memory.dmp

Filesize
1.1MB

Download
memory/5020-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download