c7db8a8294752c137fd68506c58438cf99cf0d0d28a2b13232516e9b4032d963

Analysis

max time kernel
112s
max time network
91s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72981d1a526359e8c0bbb958496eef20N.exe
Size

83KB
MD5

72981d1a526359e8c0bbb958496eef20
SHA1

8eb7fee072b3f9bd16e4d11494075a80e0088204
SHA256

c7db8a8294752c137fd68506c58438cf99cf0d0d28a2b13232516e9b4032d963
SHA512

1e7796bace433ddc03ad674e842a6a07188df4e247c982c6e4c5707a27eb50cd46bf01623e7ca66337027dc0745c2550d804572d2be288c13e5a4f29ffc03cb7
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+GK:LJ0TAz6Mte4A+aaZx8EnCGVuG

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2392-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2392-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000400000001173a-11.dat	upx
behavioral1/memory/2392-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2392-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	72981d1a526359e8c0bbb958496eef20N.exe

C:\Users\Admin\AppData\Local\Temp\72981d1a526359e8c0bbb958496eef20N.exe
"C:\Users\Admin\AppData\Local\Temp\72981d1a526359e8c0bbb958496eef20N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-A94Zw5HVEhCYnVhy.exe

Filesize
83KB

MD5
60e8970435594615e09897b8e9b98335

SHA1
f04d743c1725fc1c9a2092843850c898e2a24148

SHA256
66689424d9251d0368ca2a68f2067bddd3c19972255fbc260b157e859bce930e

SHA512
4ca11cedf7a1f201dfe47b3674fcfa156641c1e90e4739ab10d312e1456a0a608d47ac22a0aae7de1c8396520ae2017622fb6a40a48b88a0ed0205f239073dce

Download Submit
memory/2392-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2392-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2392-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2392-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2392-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download