5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625

Analysis

max time kernel
111s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe
Size

83KB
MD5

d836c485c498341566e49ceb683c5f80
SHA1

8578b9eda82eb74cce21c1e1a5c6227d3e445645
SHA256

5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625
SHA512

fa47365222dd029797634d996f12ea38af8fb2fc0e0076f6e57e7417a562b39775604f8e96c561facd161125298ccc43ab016f0dd27452f21cfe86cc4c116b18
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+OK:LJ0TAz6Mte4A+aaZx8EnCGVuO

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4932-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4932-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4932-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4932-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x00080000000234cb-11.dat	upx
behavioral2/memory/4932-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4932-20-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe

C:\Users\Admin\AppData\Local\Temp\5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe
"C:\Users\Admin\AppData\Local\Temp\5c86b2ba314d8d4cb6e8a365e7d54ceae714aa45157dace64b94be25ee939625N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ed0rqLFZVhl5hLw5.exe

Filesize
83KB

MD5
1832a73949a0d368fe78883a41ca7d66

SHA1
2bcecb6f66267e7bbf000854537122886e4cdfae

SHA256
6d10f196cc45f0781d37dfa096c54e917786e714be32ad4d4ace2e023cb0c49e

SHA512
7bd907396e68aeacc42d45d925d443615362d72407a2b5fd50bb6024d6f47180ae29ae274dc70103b2d9cb14088868ba6d1b3d4d1314efe7cccc90ef1b267ce2

Download Submit
memory/4932-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4932-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4932-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4932-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4932-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4932-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download