8e08f2206e2375916977e64e593ce46fc2beb155ad71c7b54deb7064324d8b4c

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

373a43deb99606c0b7b8238355e00640N.exe
Size

83KB
MD5

373a43deb99606c0b7b8238355e00640
SHA1

366c22e39fb6b5c10b6f0518fe232b479b5679c9
SHA256

8e08f2206e2375916977e64e593ce46fc2beb155ad71c7b54deb7064324d8b4c
SHA512

8da5f7135c6f5e5b217e8fb44b1244485fd833ba0f6c7188bbe0a907b976eeedc9ffec81b307522c5fc2321a5e5f79ec66fc967030334659918335ffbca15c3a
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+FK:LJ0TAz6Mte4A+aaZx8EnCGVuF

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2376-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2376-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2376-10-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/2376-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2376-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	373a43deb99606c0b7b8238355e00640N.exe

C:\Users\Admin\AppData\Local\Temp\373a43deb99606c0b7b8238355e00640N.exe
"C:\Users\Admin\AppData\Local\Temp\373a43deb99606c0b7b8238355e00640N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-m1anKi7PBuuVBI15.exe

Filesize
83KB

MD5
5667a337265b95748597b490bf4c8a65

SHA1
521db7d899d4197002ec857ccdf97ff3500f66f2

SHA256
d51ce1d5280da869332d350acec74d42b2ef8d45d34b2fe6896a1897bcb3011e

SHA512
500811707a09911358f2aad5dd3d5c5594dd098f3ff323ca9d718f4feaceabd9fb85990af97d9bc9dc058c739d95aaf1861f62600774d084055fd2212850adba

Download Submit
memory/2376-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2376-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2376-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2376-10-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2376-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2376-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download