13c67e6ec2370d99fcde9c8982a23128d76c9b831a5264151222bac17708f287

Analysis

max time kernel
112s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28-07-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32da81d2a50438b81aab388c29369670N.exe
Size

83KB
MD5

32da81d2a50438b81aab388c29369670
SHA1

bc4475b73f043e1a79ae6baddec97ac9e0b778b6
SHA256

13c67e6ec2370d99fcde9c8982a23128d76c9b831a5264151222bac17708f287
SHA512

6bb697dcf8e6537c9f77b6f49043ad9fe949ef2169296ae66f77811f1172b588922be9c50279def12d97d6c17a65ac0725da1b389bbdcd8ae1c03fad9c83e322
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+9K:LJ0TAz6Mte4A+aaZx8EnCGVu9

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3180-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3180-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3180-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000e000000023411-12.dat	upx
behavioral2/memory/3180-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3180-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32da81d2a50438b81aab388c29369670N.exe

C:\Users\Admin\AppData\Local\Temp\32da81d2a50438b81aab388c29369670N.exe
"C:\Users\Admin\AppData\Local\Temp\32da81d2a50438b81aab388c29369670N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-4QdOA8fedkfi6Xk7.exe

Filesize
83KB

MD5
e39f44bcc00395dfd7e2eed28f3b8d6e

SHA1
cd849268d1985742ab5988eeecc61eda3882ec65

SHA256
37e13b802f62e18a6acb4800ca7047116f21f992c25f8591cc1ac34d82d7d0ba

SHA512
d63ecd6e59c43ec0e350589613b163058681ad267556199d8bd08ec426a4b89aa83afa6f61d22a0c54bec903bc5b82b657e5ee5807ecf102037714c376586ce8

Download Submit
memory/3180-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3180-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3180-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3180-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3180-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download