eb211f64579637e9ad028dea9cb075246b53f6eddadc8901abe943bf69ed9eea

Analysis

max time kernel
105s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

082838262284f3de9666a7d18751d5a0N.exe
Size

236KB
MD5

082838262284f3de9666a7d18751d5a0
SHA1

ca7ee33501034da22a515dbf715b8d1e20c02786
SHA256

eb211f64579637e9ad028dea9cb075246b53f6eddadc8901abe943bf69ed9eea
SHA512

ffb8e11bc49cf02ca1b6260b3fe8f9542a1e56de291500436dfd5b4fab7f7fda6a5b626c4dfd7f2946b1a639ab03811480c742148b7fa457bfd1ad9b11e2fccd
SSDEEP

3072:RJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/N/FnncroP9:bwDeM7iNEkgiOb31k1ECJJ/F

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3176-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/3176-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/files/0x0008000000023421-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	082838262284f3de9666a7d18751d5a0N.exe

C:\Users\Admin\AppData\Local\Temp\082838262284f3de9666a7d18751d5a0N.exe
"C:\Users\Admin\AppData\Local\Temp\082838262284f3de9666a7d18751d5a0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-wTkbzm6y0haLPtIo.exe

Filesize
236KB

MD5
5cf4f4fd9ed75c943d645c3ca96ba2fe

SHA1
e9aa5345b4180fe57bec795175f60e4c99f789d0

SHA256
cd61eacd99b459477a254b29f1249600b3894994e5694935127166e1135a5db1

SHA512
9bac0ee4166c709c76a73c7d2460da7f0ef56c373e71dce27d0ac6720cc07b0b235f02b9526a701cd22de2a603cf0f7b8b9d94f8cd6dfba58abf0b8c8ce82588

Download Submit
memory/3176-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3176-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download