5f66317c15f9c6a2daa829f567af7ab04d348269b7e7846a8ad9adfb097e683b

Analysis

max time kernel
101s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 06:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

181dccdae110070c3f35aca49c2c2690N.exe
Size

29KB
MD5

181dccdae110070c3f35aca49c2c2690
SHA1

e15fc67720c61511a1cbf25d7435fd47d845962d
SHA256

5f66317c15f9c6a2daa829f567af7ab04d348269b7e7846a8ad9adfb097e683b
SHA512

5ac41bff9b9e6c01b01325a122661f1c0f049ce718978f44a6fe688d6ca39a24f7133ba3a169c7ec67b4e2332086825b640a8e2f5022dcc665625ae5e621e7f6
SSDEEP

768:ITRfpN0pOy3OzeXmOGXbJOlB2vsLCik5dAy7b6lSV:IHzzeWHXbJGB2EOik5h36lI

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1484-0-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/files/0x000a0000000233c9-5.dat	upx
behavioral2/memory/1484-101-0x0000000000400000-0x000000000041A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	181dccdae110070c3f35aca49c2c2690N.exe

C:\Users\Admin\AppData\Local\Temp\181dccdae110070c3f35aca49c2c2690N.exe
"C:\Users\Admin\AppData\Local\Temp\181dccdae110070c3f35aca49c2c2690N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\My Downloads\Empire Earth ISO - Full Downloader.exe

Filesize
29KB

MD5
cbcc98460eaca3501dd1d7b495019b14

SHA1
b3b5ceae9c460f069fb98331f5d9d226aaffa253

SHA256
268a525f74108315897cc2208e80ca17a0c6d17dab80cb8cf24cecb326d6e8eb

SHA512
595a803b17fc1dd0d912207a6fe5cfb344a4b305a42719d8a07cfe413d60de1d8cb2b16cb0ac9227592f2ffff6eaf77cff8092520b6d12fa4d9c9e3cf8242a5a

Download Submit
memory/1484-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1484-101-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download