d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0bae

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe
Size

83KB
MD5

8ed803d3236e51db4ed193fc17c127e0
SHA1

faa1ece1467a351231def1e37802801fdcf473b0
SHA256

d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0bae
SHA512

f58a4485077525f2279b662ef29c5c1f693e93e3cd009629d3e4c62fcc3677d112dcf5b964720ed0eec878731fe6843137f5c1c0e7c3f2cf4f4c24d5b44b9aaf
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+PK:LJ0TAz6Mte4A+aaZx8EnCGVuP

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2584-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2584-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2584-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2584-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2584-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe

C:\Users\Admin\AppData\Local\Temp\d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe
"C:\Users\Admin\AppData\Local\Temp\d46479afa539214cc3210743d6c36c8ff6b301a9f777722240987aa95f3b0baeN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-qivallkN2sxUgHeN.exe

Filesize
83KB

MD5
69a2588d2e5843649b2d79ff47b32e25

SHA1
3cb38bdea5f070602e1d1c549b001cfdffba435a

SHA256
45a8158053f109de8edd4cf8f91bb05618c3d00ab98d0a33b274be2b15377ead

SHA512
d7255457e643373a491ae3f86536454f497685950223442b8c3b64243cc1660dca373f61cef0c9c681968de418545842c6bef5ba68ffc82177e5a6f9aca28e91

Download Submit
memory/2584-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2584-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2584-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2584-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2584-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download