5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84N.exe
Size

83KB
MD5

7fbbe51a4b256d2cd4d8257d2c774810
SHA1

f5135b0ca3f2731bf11d939693fa8f1eadc635bd
SHA256

5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84
SHA512

6af24ef57cc3c96da62bcc81fe23a9b99c5b6809fc86205da1b2e7b131893d726e3030cfdc9eb041596ba0a06d038539e003c4c23d84a2cd2c8ddc3df02413ae
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+zK:LJ0TAz6Mte4A+aaZx8EnCGVuz

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2132-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2132-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2132-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2132-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84N.exe

C:\Users\Admin\AppData\Local\Temp\5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84N.exe
"C:\Users\Admin\AppData\Local\Temp\5314eb6a87b1bbb5d0f452b88f1251b08ed672b3dd283690ee996f76908f2b84N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-wYQbtGrttPEyJEUG.exe

Filesize
83KB

MD5
b31906c9737abd3c43af2d931c84ea3a

SHA1
af4f48e01d44c36014362a4a19156c94128d3c00

SHA256
6cb9c31777c379032c19c9aa6120421d278a55af6231da4c2890ae0ca5156e85

SHA512
77ef64c2f3e4a38b4a75993c130ed4590dafa5c4260d1e795db60ba5901d1cb96e98ee00c804b8d40580c886a8e9118216b4a6d45d08337f74d1fac53952b71f

Download Submit
memory/2132-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2132-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2132-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2132-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2132-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download