90a319591f7be8bd6995937350e0a65cfaada25cd44df25adf78f325b5171120

Analysis

max time kernel
18s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/08/2024, 00:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

236c5c340401fe526c423354db8c0140N.exe
Size

29KB
MD5

236c5c340401fe526c423354db8c0140
SHA1

f1d0656b49ceaa0d489f1e97d477b51e7abecb05
SHA256

90a319591f7be8bd6995937350e0a65cfaada25cd44df25adf78f325b5171120
SHA512

a7a4c6bc5022dd338b4db27216ece21ab9801814ed8685f5844a45cf9994375e9dd9f0fa4260f23929fbe044af9079c38ac2dc76954e95c96acd63ac01b0197d
SSDEEP

768:ITRfpN0pOy3OzeXmOGXbJOlB2vsLCik5dAy7b6lSB5:IHzzeWHXbJGB2EOik5h36lc5

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x0008000000015d34-5.dat	upx
behavioral1/memory/2192-101-0x0000000000400000-0x000000000041A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	236c5c340401fe526c423354db8c0140N.exe

C:\Users\Admin\AppData\Local\Temp\236c5c340401fe526c423354db8c0140N.exe
"C:\Users\Admin\AppData\Local\Temp\236c5c340401fe526c423354db8c0140N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\My Downloads\Free Virus Removal Tool From Symantec ISO - Full Downloader.exe

Filesize
29KB

MD5
d7f6e6ae9abc477ce0247872cc207fc4

SHA1
16533973c65304e57605d77d784da17215f2db45

SHA256
75feb937d0fe4367481fe7b10647616ec780b895289851c5542c699ea0709767

SHA512
881151ce73ed266deeeff769e117b9aeb111ab118666d4633a09d4f0d7aa0460208d97ca11f916b6833826f09a2aefd12ed1f2065695e6fe132bf5bf93698519

Download Submit
memory/2192-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2192-101-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download