e81171ff3a8fd70945a1f06775e7cabf3e5f8150af600564d901fff9ad9ea0b8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e243fa2333192b20ff41ebd4dbd3050N.exe
Size

236KB
MD5

7e243fa2333192b20ff41ebd4dbd3050
SHA1

db4b3f39bada7c4db29974a255dd9d05914b713d
SHA256

e81171ff3a8fd70945a1f06775e7cabf3e5f8150af600564d901fff9ad9ea0b8
SHA512

dee247737991e6b41be1fa8ff20898669b305b19a0e5059746963558833a7c3623cc6a759b5acbe5050ea3ae62b20ee54b9147dec94c88f575651d3dd195e69c
SSDEEP

3072:aJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/s/FnncroP9:uwDeM7iNEkgiOb31k1EC6J/F

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2112-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e243fa2333192b20ff41ebd4dbd3050N.exe

C:\Users\Admin\AppData\Local\Temp\7e243fa2333192b20ff41ebd4dbd3050N.exe
"C:\Users\Admin\AppData\Local\Temp\7e243fa2333192b20ff41ebd4dbd3050N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-LXhXbr4hu7nPgdro.exe

Filesize
236KB

MD5
19f92b5b88e26f617e1052358b9a1da4

SHA1
643cc5846bf9354b5e7e19127865eca9af5cb950

SHA256
558ed21d41a0b5579beee253de4d867ad53497c19ddecd134a020c0afc15f602

SHA512
edb6a4b9006f1668f211ee1c4715034d55b3eeec34dc9837bf59b7ca839afc04d710ccabe398966486d127cfd46587b8ad1439934e07a0d55f98b86e47a15de5

Download Submit
memory/2112-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2112-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download