4bf78c37d842a8f61ae3aac4af9fb070a164cd82a9ad2d894fd0ef0db3010720

Analysis

max time kernel
111s
max time network
95s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 06:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

420971bb54ed807ca0caf17de62ce0f0N.exe
Size

83KB
MD5

420971bb54ed807ca0caf17de62ce0f0
SHA1

0146510f36a0e8430a0c81db0f36e312d3412b1b
SHA256

4bf78c37d842a8f61ae3aac4af9fb070a164cd82a9ad2d894fd0ef0db3010720
SHA512

691d515a051f4a906fe5286ac856c0d1fdc7d1caf0b6501c6c52a7900892fd610e6d9e2c06a50a45ff16be6baad76235c691e57219b90b8f4c368606fc55270b
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+JK:LJ0TAz6Mte4A+aaZx8EnCGVuJ

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2804-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2804-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2804-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000c000000016d58-11.dat	upx
behavioral1/memory/2804-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2804-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	420971bb54ed807ca0caf17de62ce0f0N.exe

C:\Users\Admin\AppData\Local\Temp\420971bb54ed807ca0caf17de62ce0f0N.exe
"C:\Users\Admin\AppData\Local\Temp\420971bb54ed807ca0caf17de62ce0f0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-GBPXxpCiesAGxD0E.exe

Filesize
83KB

MD5
cd1d4239624f1296a33c0470c3be17a0

SHA1
6886a9a1d94cb47eb24a5a1793d4a910dab5d284

SHA256
47d3d572b44b6ef98849f92c03c0119b40a6fa7000704b7377983729dca804e5

SHA512
6258e63388bf02a4a78da5c4b81263b3a44664a6f3b4764c336f3e325a2669029cc38344475ed50ab68a5c3e3c8f0ff0db1c82734b517c9f47833a98386224a1

Download Submit
memory/2804-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2804-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2804-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2804-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2804-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2804-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download