c1e92079fbefed51003ec310d13f971f0efb026a16835e6d8ea067ed1cdfa5c6

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bc10d3c398f15ba8e26abb9f90e41c0N.exe
Size

83KB
MD5

2bc10d3c398f15ba8e26abb9f90e41c0
SHA1

3e65a6f98ff4a566a44f646f0bc60abf59f702fe
SHA256

c1e92079fbefed51003ec310d13f971f0efb026a16835e6d8ea067ed1cdfa5c6
SHA512

9ef543f6e6674b2aa3a378b5d3d4f8f4fa3f837b7112e7cce6a6197496a04d190a4c3a92c45a2463cb07f98d65a683a0ebe5984b32907771bf39b5e1756f72ee
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+DK:LJ0TAz6Mte4A+aaZx8EnCGVuD

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2280-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2280-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2280-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0064000000011c27-12.dat	upx
behavioral1/memory/2280-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2280-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2bc10d3c398f15ba8e26abb9f90e41c0N.exe

C:\Users\Admin\AppData\Local\Temp\2bc10d3c398f15ba8e26abb9f90e41c0N.exe
"C:\Users\Admin\AppData\Local\Temp\2bc10d3c398f15ba8e26abb9f90e41c0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-gpU7cPaPj98AXOtz.exe

Filesize
83KB

MD5
99605516c60998e7021feeda3be1fdef

SHA1
08b3832cf9b55ef0c2873b194c19f18c60d877bb

SHA256
5046a0f3a054afb8af1cd72bf6e773871e729e5361659aa043452689f3d31f43

SHA512
1032c04ba69d353800d3ab0cc05a2564e0dab72858b8f723aef37337f03afdd95d3f989424f687a473487546a4247f84b300258f53a8edc13ef485cdc4b2cdd6

Download Submit
memory/2280-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2280-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2280-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2280-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2280-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2280-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download