b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334

Analysis

max time kernel
111s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334N.exe
Size

83KB
MD5

6c392c74f3b9f2601c5f7d9a26376300
SHA1

2ef5fbd11d5fe40daa4b98409b7229f2e07f3fd8
SHA256

b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334
SHA512

fb7a975aa1c30489262bda5ca4120ed478fa0e415385cc4a00f7c5e250dc6ab2e17b2da275660e3344c0e00c8b1f4820f8fcf409dc300870a92fb2b34d1e99d4
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+5K:LJ0TAz6Mte4A+aaZx8EnCGVu5

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4848-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4848-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4848-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4848-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x00080000000234a6-13.dat	upx
behavioral2/memory/4848-16-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4848-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334N.exe

C:\Users\Admin\AppData\Local\Temp\b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334N.exe
"C:\Users\Admin\AppData\Local\Temp\b820164beb7e76d11de64add307c7a2ceea39b960454edbc41bb2484388a5334N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-WsccL8RCsRjKKecG.exe

Filesize
83KB

MD5
98b060e42297cc6dc9234ed39ce1ae85

SHA1
4ae778b87813bc1fc11f4bfeca03a5715e74c233

SHA256
4ba29b862cd7d30f758fe858a357dba58688122e8c854be2f235cdcd8e56fecd

SHA512
f548c2d62c689b34cf442260079bf3c71d03bfeb8bca806255c477ff446cc6864aa86a3d36c0770eaa1d404a8e7d2e08a43458da9d512748d3d415ced584cc92

Download Submit
memory/4848-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4848-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4848-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4848-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4848-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4848-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download