4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07c

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07cN.exe
Size

83KB
MD5

20154c0738141cb89005612982226d80
SHA1

404f73bdf7ab0feb9e7abd553b9c0f0f66253e29
SHA256

4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07c
SHA512

cf82a1793fb2e50d4e0c0b8eae95a5110b5ec7edcd188c085fe27a16e67c63108630ed43302cd3bc251c23e4973603b823a51b160cf31534808cc1cd0bc52a42
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+oK:LJ0TAz6Mte4A+aaZx8EnCGVuo

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2384-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2384-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2384-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2384-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07cN.exe

C:\Users\Admin\AppData\Local\Temp\4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07cN.exe
"C:\Users\Admin\AppData\Local\Temp\4b538763a5b817f944296d296f6349de9ab166c6e1c5973e2df55be8af44a07cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-bQbHvNHdlf8FbTEw.exe

Filesize
83KB

MD5
db76e2952350085ebda0d5c6e6715707

SHA1
4f3ba654edda1572aca43de3c5c4e84c2a892095

SHA256
6a58f84bac205d2a62b71df54b05815eb2fde8dceddfbf9396bbd77a0b5a2571

SHA512
ed72f4a34c11f5b08656b6dd33722bcf28cd629b1dc524b5b5199ef8d23209281abf4259e7234e65cfe35e82f8c426328e67df487245016c039023b0c062c7c3

Download Submit
memory/2384-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2384-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download