7f5ef32abf0661e991d2350ddead008dc64414d136cb575dfc6312bd994109eb

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0a41a65731e8ab7fa628a8af9b53f40N.exe
Size

83KB
MD5

e0a41a65731e8ab7fa628a8af9b53f40
SHA1

b9571db23add7da6d0952ec9da6bf6205e501974
SHA256

7f5ef32abf0661e991d2350ddead008dc64414d136cb575dfc6312bd994109eb
SHA512

c5075649d0f3df495ed8a26d3dd869a18c112487ee680e0528962f9078d7d9cae8f6e7716ca5fdd9f7eae4b797a34277609c2d85bfe617080cd801102693abde
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+CK:LJ0TAz6Mte4A+aaZx8EnCGVuC

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2520-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2520-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/2520-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2520-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e0a41a65731e8ab7fa628a8af9b53f40N.exe

C:\Users\Admin\AppData\Local\Temp\e0a41a65731e8ab7fa628a8af9b53f40N.exe
"C:\Users\Admin\AppData\Local\Temp\e0a41a65731e8ab7fa628a8af9b53f40N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-7fxUepK14JhQaZwo.exe

Filesize
83KB

MD5
c08165d67077aebd7eb44b36be82191d

SHA1
07094702368b0c5c7d819e0e6d35d0dfe4a82fea

SHA256
4b8fed93b8855d4ae807709fa0b37c327d1f590fa6ed85c14a8b633de61e75f4

SHA512
2b124e59e1cfa79f74985099bd516c88bc1ca42b5d9a2a207e02a2ba415c8fd852a7c03c4c345a571895e3440b77ad3983758050d67eaab4a84f45aeae0d7b08

Download Submit
memory/2520-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2520-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2520-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2520-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2520-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download