133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0f

Analysis

max time kernel
119s
max time network
92s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0fN.exe
Size

83KB
MD5

8d38c7e34290e35c4120d99eee24a060
SHA1

8d1a3875847cd5bc616d2a73fa9a4109ed2f671a
SHA256

133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0f
SHA512

cb235935e551b9021c4e1fda87b156734cdd1ea90b132b66971f0a86acc02dcd0e6a61962a1ab09f8d2e790a2b135d491a455337e9f2999f39f4fd96d4de49a8
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+1K:LJ0TAz6Mte4A+aaZx8EnCGVu1

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2692-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2692-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2692-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0009000000012102-11.dat	upx
behavioral1/memory/2692-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2692-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0fN.exe

C:\Users\Admin\AppData\Local\Temp\133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0fN.exe
"C:\Users\Admin\AppData\Local\Temp\133f8f95dd9d482bca531980b4dcb39fc5832a0673688480d1abfd71dca96d0fN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-HCPbS06r1FwkE8bA.exe

Filesize
83KB

MD5
213eb84619cb0fdf004a81833d04df0b

SHA1
df50d7e9ca45ed515c08dc9364c78e5dab8d49a3

SHA256
ffeea94f684f6759b83d98ca18d0038f0c87c8386207f873576f4f53a97f58a4

SHA512
2bcb8c9382e1f03a7b3d69777b2a19858211e5411086de2dc894dbe81412fdca4d999ae364fa3dfa4cbde9956be20134f313b2fc78e7b6acfb78ebb48dad3ccf

Download Submit
memory/2692-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2692-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2692-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2692-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2692-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download