a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eed

Analysis

max time kernel
112s
max time network
97s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eedN.exe
Size

83KB
MD5

5ac437551738ecedef13a0cb9de1e310
SHA1

9c8351eb09fec09fdb442c2885094a833fad1e79
SHA256

a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eed
SHA512

73a5cb1c2af3fd2c542d3d4e10b5036a03d9a4a7825aeca583895131c1b6e48e80c28df11e4905c9cb11064950db120e7e263794bcb9e0fcc731d9c7089e2b75
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+EK:LJ0TAz6Mte4A+aaZx8EnCGVuE

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2564-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2564-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2564-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0009000000012101-12.dat	upx
behavioral1/memory/2564-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2564-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eedN.exe

C:\Users\Admin\AppData\Local\Temp\a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eedN.exe
"C:\Users\Admin\AppData\Local\Temp\a6d7d2efd77f486de7d82c1d4fd0b76e75fd776413f67dcf491b663cdbaa8eedN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-37WEz5BjoH9ZqElJ.exe

Filesize
83KB

MD5
c4a851a8f974f364e75f5f9f6e4776cc

SHA1
9401a77158c68babc2e8b70a1b121971ab7f1169

SHA256
c3033f0b0a0097bf159ce528f73933582b87ce8623a38a6b364b6623e5b1da11

SHA512
b4075752ea498a29fdf6e24910799eccd49aaa4d4ed1a8b9154c9fa3846b7fa178da8179e779ce1aa1472ee32f432c9f9cb196458d3c49a241dbec06d47b59d3

Download Submit
memory/2564-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2564-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2564-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2564-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2564-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download