de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b

General

Target

de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
Size

4.7MB
MD5

771bb6e6803877dbd862fbe550860707
SHA1

a155fa12404f1952a03e9643be73f9c8da43abb1
SHA256

de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b
SHA512

b600ee268b8a5377a5346d34d26baeb5d54cd9cfafc6b3d79091023edc2d739812720c8d55ba1b02ddf6605f78fc24fd6e2c467bfeb2181f1e5336bcf598b2ec
SSDEEP

98304:qQx/ml8PHvTke9uP/HAAvAF6RK7U4r7EgUDluB91PM+bVUi:JJ9uHKkK7FcgUD+9m+bVZ

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2820-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2820-7-0x0000000010000000-0x000000001003E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
2820	de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe

C:\Users\Admin\AppData\Local\Temp\de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe
"C:\Users\Admin\AppData\Local\Temp\de7d28ac5c153e3fb3e008273edf0e3debbeca3a9de0ad3b551982e5b140c33b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2820-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2820-7-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing