36fcface1f63871389a6be87a356a656a4ae39c0d1a7a90fb3a454102ad58ada

Analysis

max time kernel
112s
max time network
91s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a84daa0e4f9dc9b01c92cb9b789ff040N.exe
Size

83KB
MD5

a84daa0e4f9dc9b01c92cb9b789ff040
SHA1

042559ca29f32b7f5eb49f1900efbc1707323050
SHA256

36fcface1f63871389a6be87a356a656a4ae39c0d1a7a90fb3a454102ad58ada
SHA512

c7eeb4d60aa11dfc763a302d82614dc4291a08e0ceee62501ad43c522bf093444e526085f0bd75261c6305703339fdbab149915a742888b896483160be63f722
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+tK:LJ0TAz6Mte4A+aaZx8EnCGVut

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3016-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3016-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/3016-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3016-20-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a84daa0e4f9dc9b01c92cb9b789ff040N.exe

C:\Users\Admin\AppData\Local\Temp\a84daa0e4f9dc9b01c92cb9b789ff040N.exe
"C:\Users\Admin\AppData\Local\Temp\a84daa0e4f9dc9b01c92cb9b789ff040N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-gsMwJ49I2Vjuc5TE.exe

Filesize
83KB

MD5
53b7d412a27fc6282d59a877ec26b126

SHA1
0d948e61d1278dbbd1712638f1bb43b36c6dc969

SHA256
728aecd21d4d8727eab7cc1fd24a4c56cb24eb7618355d87c60ba9b856782947

SHA512
7bdb189c8891b9f37a9cacd858f818922045ebe36495cf42240aa46d8ff08a8b15c55e8741b7695a684e4a2481b21983d890447fd4fddc3682b29411ee9c11d5

Download Submit
memory/3016-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3016-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3016-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3016-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3016-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download