e58e0c933976e97b5aa6d317215583d4dddce6d589a217431968c85ba098cd08

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 16:09

Target

e212f1f8833a97c7879e6652384827d8.exe
Size

1.3MB
MD5

e212f1f8833a97c7879e6652384827d8
SHA1

23f6439896193cf334b0b4efb4c9548441edef9d
SHA256

e58e0c933976e97b5aa6d317215583d4dddce6d589a217431968c85ba098cd08
SHA512

99b672f4ec8ced0193c405869b42542cd7039647eec04b96f0a86276fa741495770cce9339c7fa930da576b51932eaa2a6dacacf9f1b06886dbf20df37265755
SSDEEP

24576:pinaNbTVjJ4HQm6nRZ6rkxtQtEcJikWSNjs9Txaq9vtMpEBBEU9/9Us:pOaNxJ4HtwxcVikWqwY8BjR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1748	e212f1f8833a97c7879e6652384827d8.exe

Executes dropped EXE 1 IoCs

pid	Process
1748	e212f1f8833a97c7879e6652384827d8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000400000002271f-11.dat	upx
behavioral2/memory/1748-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
216	e212f1f8833a97c7879e6652384827d8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
216	e212f1f8833a97c7879e6652384827d8.exe
1748	e212f1f8833a97c7879e6652384827d8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1748	216	e212f1f8833a97c7879e6652384827d8.exe	97
PID 216 wrote to memory of 1748	216	e212f1f8833a97c7879e6652384827d8.exe	97
PID 216 wrote to memory of 1748	216	e212f1f8833a97c7879e6652384827d8.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe

Filesize
1.3MB

MD5
c1e435e70d700004631d15245fd0f392

SHA1
ca5b2695f58e6fbf657bc994703331989d8a9d0b

SHA256
344de383b81a7a89852f5b61a11bfeef799be7614c96dd807b2bb1691ccc9156

SHA512
c455f50515c717811388911eb2b582e87897a02784687020b1a1e80a6b8e38572e09ef1cd4782f88b9389a4701ace767aee1c99efc6034b6a4edadb82c856c5d

Download Submit
memory/216-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/216-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/216-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/216-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1748-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1748-15-0x0000000001DF0000-0x0000000001F21000-memory.dmp

Filesize
1.2MB

Download
memory/1748-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1748-20-0x00000000056E0000-0x0000000005902000-memory.dmp

Filesize
2.1MB

Download
memory/1748-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1748-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download