8726f323fc53309faef66f2d0245f0c9c1e4eb2e9c0533c16b4961a565c867fe

Analysis

max time kernel
110s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 08:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e9f1d0cb782fc43dd120a0f52bb61a0N.exe
Size

83KB
MD5

7e9f1d0cb782fc43dd120a0f52bb61a0
SHA1

2a1d7a87bb026822a02ab79a0292cb41d565dda8
SHA256

8726f323fc53309faef66f2d0245f0c9c1e4eb2e9c0533c16b4961a565c867fe
SHA512

815afa44089ccb53f9d9b11d7e4be00b7abde2c9b5fcb8b635ced35acb0e905ff4eef114505b4a0510b6699d9a11e7772fd68ebe55157e5e2bf89deefe9f8848
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+5K:LJ0TAz6Mte4A+aaZx8EnCGVu5

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4296-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4296-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4296-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4296-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000c0000000218b3-13.dat	upx
behavioral2/memory/4296-16-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4296-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e9f1d0cb782fc43dd120a0f52bb61a0N.exe

C:\Users\Admin\AppData\Local\Temp\7e9f1d0cb782fc43dd120a0f52bb61a0N.exe
"C:\Users\Admin\AppData\Local\Temp\7e9f1d0cb782fc43dd120a0f52bb61a0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-YkOwTfS0DAVJdDy8.exe

Filesize
83KB

MD5
42bb83a839a448ce8e3b7706b4b0b19f

SHA1
e425cb0c4b4f1a1e1579ef36529dd420d6e8f95b

SHA256
797cbebabe13f6d83da20c59d9d183bfac2ca6843ccdb839c9d81a07e4cd9219

SHA512
30f24c531d28eead433ba806d465bda782a5c674a10e1fd338816be4353a761cd89c551c5abfb2ef3ef0f673407fe8044f779d298d518ddeb56ea5e66e9963b4

Download Submit
memory/4296-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4296-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4296-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4296-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4296-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4296-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download