a070ef24841578e0a4ed895b72fd9a64903a063411386c5f60e4d3e713bff885

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 02:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c03cdd21b30a7c8b0ea3174c9792c10N.exe
Size

83KB
MD5

5c03cdd21b30a7c8b0ea3174c9792c10
SHA1

ce8bc49c76a41698c8fcaa2dcfb163c64aa3e76a
SHA256

a070ef24841578e0a4ed895b72fd9a64903a063411386c5f60e4d3e713bff885
SHA512

e376c9904ff593c722afddf163c24d970c53d1da0ce23bbe22a3f923d52b922e2d46e2d33a51f441a0f13afd19e057d3f3bbd42e83e1677df02f3f275caa4848
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+qK:LJ0TAz6Mte4A+aaZx8EnCGVuq

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/1708-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5c03cdd21b30a7c8b0ea3174c9792c10N.exe

C:\Users\Admin\AppData\Local\Temp\5c03cdd21b30a7c8b0ea3174c9792c10N.exe
"C:\Users\Admin\AppData\Local\Temp\5c03cdd21b30a7c8b0ea3174c9792c10N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-UQHHGhLbbyqgYd9d.exe

Filesize
83KB

MD5
0e6fdd134092951bcb74e5c2bad7921d

SHA1
2e0e59f00ad2ba5fe45f65ad45d50bd1da22fe8d

SHA256
922b121a3f1275f21e2a1b6f486ec00f64fa7a855126ddb8d0eda8aabeb9d566

SHA512
fd451dbc4ddde400143eb806500d68953191b05ff2ddbc188930383e68f61bd690724e6c5cb07a836d4407fd349b7b0be00e8a537b2f6a75f321ec1b98567948

Download Submit
memory/1708-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download