7209c2a5a4aabc087ea93e18fd7a6aeb44ee7bd9cf98ea31b420d2293f28da1b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb1751068948cf2fc4cf41c89c19ca00N.exe
Size

83KB
MD5

bb1751068948cf2fc4cf41c89c19ca00
SHA1

e8d3088f50775cc8307f9bfb626ac6189d057f94
SHA256

7209c2a5a4aabc087ea93e18fd7a6aeb44ee7bd9cf98ea31b420d2293f28da1b
SHA512

de710fdee506409bcc10d3748fc9922cee9c646764e0bab7f8b95280104914a765d5b33c283a8b520c6b09191bd49cdf65801943ec6d8b86f1736e897bee7406
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+fK:LJ0TAz6Mte4A+aaZx8EnCGVuf

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1620-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1620-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0006000000010300-11.dat	upx
behavioral1/memory/1620-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1620-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bb1751068948cf2fc4cf41c89c19ca00N.exe

C:\Users\Admin\AppData\Local\Temp\bb1751068948cf2fc4cf41c89c19ca00N.exe
"C:\Users\Admin\AppData\Local\Temp\bb1751068948cf2fc4cf41c89c19ca00N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ez0AntnDBjFhwOrI.exe

Filesize
83KB

MD5
336c1279b557d0bcccab759cdce08bb6

SHA1
40cf7afb941934d1a5f72146ef07c20da0bcfce0

SHA256
05481d63a0c798747a22a319ce65b8be717a17d57909527dce584778c5ca7eb3

SHA512
ac63aebc2456a27ee7374fa14ed4edd912cef0f28f2dc3d26f0f84401741d9317424346548d48d79d4b5c9b3828432a7c43e1a5c17e982455613d4da8b7a2a35

Download Submit
memory/1620-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1620-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1620-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1620-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1620-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download