fb6eb773195ade88f6cbdf1c69bb86956e9a2caceafaa4d5844f06e00eff93c6

Analysis

max time kernel
112s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 01:52

Target

7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe
Size

83KB
MD5

7d4f9a58f1d9a3fd6fc1f4aaf7c04610
SHA1

9106b27c4aab3fcdb6bf254a7f82881dc6976b2e
SHA256

fb6eb773195ade88f6cbdf1c69bb86956e9a2caceafaa4d5844f06e00eff93c6
SHA512

9d5a4afb07b3b753f45f35b673456b42ccc36f8a98fae0e420049ef062b86465ce8f3f38b854417c3274700635d9fe764494b034d516ffcdedac156b32026468
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+2K:LJ0TAz6Mte4A+aaZx8EnCGVu2

Score

7^/10

discovery upx

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1580-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1580-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1580-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\rifaien2-tu5FRPfoOyLfSuAD.exe	upx
behavioral2/memory/1580-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1580-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe

C:\Users\Admin\AppData\Local\Temp\7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe
"C:\Users\Admin\AppData\Local\Temp\7d4f9a58f1d9a3fd6fc1f4aaf7c04610N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1580

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\rifaien2-tu5FRPfoOyLfSuAD.exe

Filesize
83KB

MD5
b3bd99d2a0836703ca321690327c1360

SHA1
147f8d1017ca1539a756188a8c7374b69ef70fd8

SHA256
099ee9ade8c99a7162b04fde73fca7cf945523bc491d706be83ae437315aa100

SHA512
a7108a92265ddefac84fc9db32d7dc2c9a6d6745cbd3ad85efb0170f866923b4ca687475d0c19c931bd96949f01a351286d32255c6f31d5feba4e19fc61eee20

Download Submit
memory/1580-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1580-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1580-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1580-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1580-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download