5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe
Size

83KB
MD5

d836c485c498341566e49ceb683c5f80
SHA1

8578b9eda82eb74cce21c1e1a5c6227d3e445645
SHA256

5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625
SHA512

fa47365222dd029797634d996f12ea38af8fb2fc0e0076f6e57e7417a562b39775604f8e96c561facd161125298ccc43ab016f0dd27452f21cfe86cc4c116b18
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+OK:LJ0TAz6Mte4A+aaZx8EnCGVuO

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2604-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2604-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2604-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000800000001211a-12.dat	upx
behavioral1/memory/2604-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2604-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe

C:\Users\Admin\AppData\Local\Temp\5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe
"C:\Users\Admin\AppData\Local\Temp\5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Za99agr8YB1WR44M.exe

Filesize
83KB

MD5
97db1b82219bc66ed8805f77d0aa3bbf

SHA1
58c4c746f622b351890486b2e2d9c93d4994a17b

SHA256
abda13fe066c79b1a1026be5148d39d66b5e4d0b71ad6ca0932370d2ccbb3a9e

SHA512
dbb9d97147c07d77b2d5f9fd8927ee92cf5ddd50ff566de07b367d526bd7152f0aa6d942e3a2860bcdb06ce2644f4e63b4d88299d878edb60ef035bd7ccaf8cc

Download Submit
memory/2604-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2604-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2604-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2604-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2604-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download