37750d2dcda7f3fda4f29953297d0e45b1f0169599bc19ef35b84039692cf2a2

Analysis

max time kernel
111s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a78f384911b94649c8810ee68889bb0N.exe
Size

83KB
MD5

6a78f384911b94649c8810ee68889bb0
SHA1

537e1d68bc8a82bd17ac16fb38b946c1f22c92bf
SHA256

37750d2dcda7f3fda4f29953297d0e45b1f0169599bc19ef35b84039692cf2a2
SHA512

ad40aead3a202564ece8fff1fcd2f562f51971caa76f5527f207372d9efe8184bdce06f58005cbf5e75b46df62bdce60a4b0d6063b461a5bd2cce6c8a1a6e9f8
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+RK:LJ0TAz6Mte4A+aaZx8EnCGVuR

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3616-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3616-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3616-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000b00000002339a-11.dat	upx
behavioral2/memory/3616-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3616-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6a78f384911b94649c8810ee68889bb0N.exe

C:\Users\Admin\AppData\Local\Temp\6a78f384911b94649c8810ee68889bb0N.exe
"C:\Users\Admin\AppData\Local\Temp\6a78f384911b94649c8810ee68889bb0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-uNDYFhS7114s2lhg.exe

Filesize
83KB

MD5
78d768e1e62473747c152cc98b259b23

SHA1
f89713e50b7cfd63c616493b76b0f0e3e46b5eb9

SHA256
6413a7a9141f87b521c0eccbef3f4bfde7a870ec9822446887005203832ef97a

SHA512
29219dc61d7e239a4e210310ef9b4c5ea96bbc3793a94d4ac335a468f8d659fde76e4a75abd0e209d53ba775c9f80ece09bc72bb90e76395b5c541fe3e09e480

Download Submit
memory/3616-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3616-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3616-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3616-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3616-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download