f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0

General

Target

f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe
Size

1.3MB
MD5

2052e2dd3f3527b341bd00ae9da71d4f
SHA1

8a8c0577f343a26a8aebac20cb42f64ff6820f6a
SHA256

f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0
SHA512

e7e04c8cf60c72828e2304a2e6e0b69d7bd2346b0d7e1b5e3d8dbab686461849397b9c2c9fc866511db1a401cf537c1f99bb77bf98d1437e5f8f300d146158d7
SSDEEP

24576:7ARQ7tO0PLjT5e1IF4dDLDsTVd7ocKBepsBRbC0ibGftpHneN:7neNL47om6TC0i5

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/800-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-20-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-18-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-16-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/800-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
800	f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
800	f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe
800	f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe
800	f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe

C:\Users\Admin\AppData\Local\Temp\f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe
"C:\Users\Admin\AppData\Local\Temp\f553fde21b15ef8c8f0de9f755f0ab5968b9a60190b8bb1661beb717e079e6b0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/800-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-20-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-18-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-16-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/800-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing