857df8c3dd89e4821a64dad8dbb937cb9cb117eb0f4f04064e97e3ffa693a621

Analysis

max time kernel
106s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c7ebd6577475e738433efc3d08ba3c0N.exe
Size

57KB
MD5

8c7ebd6577475e738433efc3d08ba3c0
SHA1

1c19222a96b62b5d170d74bd770acf7b28199622
SHA256

857df8c3dd89e4821a64dad8dbb937cb9cb117eb0f4f04064e97e3ffa693a621
SHA512

a3fccdc284890d1b0c2f182571a61ba25bcead98f494840d42a947065581183848256ab1c2bdfe3a110cf9ea18fac6785247c73b70b10e9a4c1911f95d217e71
SSDEEP

768:fllPp7JeTe5MLjH4B5NCPd7m+Z7hl6XmPA+S3y4fBhg6msato84B97SxZ:flEK5SYB5s1Zb6XDC4Hte74B9uv

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3204-0-0x0000000000400000-0x000000000041B000-memory.dmp	upx
behavioral2/files/0x0007000000023443-5.dat	upx
behavioral2/memory/3204-103-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\dextor32.exe	8c7ebd6577475e738433efc3d08ba3c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8c7ebd6577475e738433efc3d08ba3c0N.exe

C:\Users\Admin\AppData\Local\Temp\8c7ebd6577475e738433efc3d08ba3c0N.exe
"C:\Users\Admin\AppData\Local\Temp\8c7ebd6577475e738433efc3d08ba3c0N.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe

Filesize
57KB

MD5
8c7ebd6577475e738433efc3d08ba3c0

SHA1
1c19222a96b62b5d170d74bd770acf7b28199622

SHA256
857df8c3dd89e4821a64dad8dbb937cb9cb117eb0f4f04064e97e3ffa693a621

SHA512
a3fccdc284890d1b0c2f182571a61ba25bcead98f494840d42a947065581183848256ab1c2bdfe3a110cf9ea18fac6785247c73b70b10e9a4c1911f95d217e71

Download Submit
memory/3204-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3204-103-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download