399c142aa11bcecfcad0ef0e2acd537d06aa9aa370aad5c1d38d52ee97ac2a83

Analysis

max time kernel
111s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
31/08/2024, 23:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c41c3e8f0bddd0091c6ccbd0aa08ba0N.exe
Size

83KB
MD5

1c41c3e8f0bddd0091c6ccbd0aa08ba0
SHA1

56ce29fff769e8837635710ce52108e664ad6736
SHA256

399c142aa11bcecfcad0ef0e2acd537d06aa9aa370aad5c1d38d52ee97ac2a83
SHA512

4c99c3ac1d7d96c901bca136cc42aecd2d5c086379a9a5e3b82cee05c9ad63844b1d60948732ae6284aefc552449c775527d14631242c00ca80f779b83da03b1
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+HK:LJ0TAz6Mte4A+aaZx8EnCGVuH

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3712-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3712-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3712-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3712-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000300000001e735-12.dat	upx
behavioral2/memory/3712-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3712-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1c41c3e8f0bddd0091c6ccbd0aa08ba0N.exe

C:\Users\Admin\AppData\Local\Temp\1c41c3e8f0bddd0091c6ccbd0aa08ba0N.exe
"C:\Users\Admin\AppData\Local\Temp\1c41c3e8f0bddd0091c6ccbd0aa08ba0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-2ZroAvi4172Vavss.exe

Filesize
83KB

MD5
f0b3bdb1f9fb75683006f0a629f4360d

SHA1
0913af43e056687defa446932e5d96837d22f10b

SHA256
6e7662da4806339255cde40558b60201ce95f80d201c6911bfc9caa1b270549d

SHA512
e42e9e3ebb069f7beecc8b27f67e2289765508c84ffb45c44283bcbf27b6cb8ef929423151de7363e5c4ac7cb6868da66c36b58e67a241835a7a8b0458c2d7cf

Download Submit
memory/3712-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3712-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3712-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3712-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3712-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3712-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download