13c67e6ec2370d99fcde9c8982a23128d76c9b831a5264151222bac17708f287

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-07-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32da81d2a50438b81aab388c29369670N.exe
Size

83KB
MD5

32da81d2a50438b81aab388c29369670
SHA1

bc4475b73f043e1a79ae6baddec97ac9e0b778b6
SHA256

13c67e6ec2370d99fcde9c8982a23128d76c9b831a5264151222bac17708f287
SHA512

6bb697dcf8e6537c9f77b6f49043ad9fe949ef2169296ae66f77811f1172b588922be9c50279def12d97d6c17a65ac0725da1b389bbdcd8ae1c03fad9c83e322
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+9K:LJ0TAz6Mte4A+aaZx8EnCGVu9

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2916-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2916-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-11.dat	upx
behavioral1/memory/2916-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2916-20-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32da81d2a50438b81aab388c29369670N.exe

C:\Users\Admin\AppData\Local\Temp\32da81d2a50438b81aab388c29369670N.exe
"C:\Users\Admin\AppData\Local\Temp\32da81d2a50438b81aab388c29369670N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-XZVMUVCdXua4L4Qw.exe

Filesize
83KB

MD5
3694e7fa745f054d7c6ae3d3f6faf482

SHA1
0916dcbbc3b39c5601369842b5c327460ac20e61

SHA256
bd81386ce0dad2b434bd8fa5d2c8553b4011fc83f1e73b02df9bdefca9b636d8

SHA512
c5c2557f13453716eb83485e664342294637c261be2c81e850998fad115a1cfffd3e4ba3802cb648622d44b5139baa440373f3d4a701fd8a6e2bbcf2a77a0dbc

Download Submit
memory/2916-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2916-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2916-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2916-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2916-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download