8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5.exe
Size

236KB
MD5

12fdf4e2ab9b74e5597bc6572b701213
SHA1

6124328250d7515f07dcd1e0dd2c22c4975b85a1
SHA256

8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5
SHA512

a6cfbb9010880a3090bd2daadb41fb08a7053d83938171f6e35fa10de1ed32a9f81247ec929805592c366005094ef0d3e3ce850756593f85028d484203e9f8a5
SSDEEP

3072:WJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/c/FnncroP9:6wDeM7iNEkgiOb31k1EC6J/F

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2820-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0010000000011b9d-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5.exe

C:\Users\Admin\AppData\Local\Temp\8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5.exe
"C:\Users\Admin\AppData\Local\Temp\8bd39128d7501f5e5bd5ffc934213598f790840a8e2bf7ff085e662b4f9c14d5.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-cDbP62Xo0YY7hzc5.exe

Filesize
236KB

MD5
1dc1827d745f12effe65966268f1766b

SHA1
6eefd028c482121ae4698207099996ef53e0d46f

SHA256
623432d34d9437bd186705882266a845884c28baa992e5a3ee2d5214e9d4475c

SHA512
dde2fb5f283f36a159ef25b1f1736065831cef0f2226b2f0ce7f9bb262c3dd18e358a0312e79763a756104afe5a5581719ce7d71f8c22dce34940db958231f31

Download Submit
memory/2820-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2820-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download