dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c

Analysis

max time kernel
140s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c.exe
Size

83KB
MD5

5424619bd1c3aa72d355e528e876644b
SHA1

48ab3936ccf0b007ff2cb784402e66560e0e53d4
SHA256

dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c
SHA512

29192aab2422393731ba5f47f6e2605b839cf5998a2b4a5165915a57ed332b6164e55b57fb3c20f65f89c4a1c86076ab8b4b18c8c354341d1a4bb4812e9db346
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+FK:LJ0TAz6Mte4A+aaZx8EnCGVuF

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2808-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2808-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2808-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\rifaien2-u8sMeVnArR6i3Avh.exe	upx
behavioral1/memory/2808-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2808-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2808-28-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c.exe

C:\Users\Admin\AppData\Local\Temp\dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c.exe
"C:\Users\Admin\AppData\Local\Temp\dd4afa485da42de61b87ad1e2dd32a03f384f7f6c553d1ea12cd2afe5e86741c.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-u8sMeVnArR6i3Avh.exe

Filesize
83KB

MD5
74ad69e303445050a861667e6b561509

SHA1
1ee39cf74a6382f915ac8520f6fe1577a83b179d

SHA256
a84a33a4ec6a7e692dead81561263832d064d863a82a1cbc0fb3fa156d000606

SHA512
743b4579843576a8f3ad80f7c8f4e3cccb448d81325c175d91a4021e9d58b390852c54ca146706044f9c69b2d1a185428f85555e5db352b11279a553d8afde8f

Download Submit
memory/2808-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-28-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download