531a633443831b20a4a72cde2bf62b0993116f11cced151f053d1c41c3767c3c

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

054f48b6b2d1d2a3ed863cb7182a5810N.exe
Size

236KB
MD5

054f48b6b2d1d2a3ed863cb7182a5810
SHA1

11b5b9f7f58254677113f4a305cdd245c8035245
SHA256

531a633443831b20a4a72cde2bf62b0993116f11cced151f053d1c41c3767c3c
SHA512

45eec5001d2bbd94c4484047ce3ff11a964e570518434b7100a507a0e9b67534b11fab419511df54ed9b6473ee9047907b1c33766acbf49b1c11a2639f4bc0da
SSDEEP

3072:dJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/R/FnncroP9:HwDeM7iNEkgiOb31k1ECNJ/F

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3172-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/3172-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/files/0x000e000000023389-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	054f48b6b2d1d2a3ed863cb7182a5810N.exe

C:\Users\Admin\AppData\Local\Temp\054f48b6b2d1d2a3ed863cb7182a5810N.exe
"C:\Users\Admin\AppData\Local\Temp\054f48b6b2d1d2a3ed863cb7182a5810N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-k9mROmkFwuL8r8yc.exe

Filesize
236KB

MD5
d351a7a72114a3b45626c387e0db91c6

SHA1
8d2f30f3d376986f1216d91ea1dfc3e2553a1771

SHA256
27f0bbc63fa93d02d84cb45784480a047a21015dec6434180a9e5eb37d81a784

SHA512
8c0ed9c669836e2885f6c073778e7b552ff7b6a69e35c5721234f6df28228dababf633ad7de40e3bccaad95d1380cb3a3704e7ebbb87da9cc5365cc857f038d9

Download Submit
memory/3172-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3172-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download