50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40N.exe
Size

83KB
MD5

dc415a040913f94f66578171f47ad2e0
SHA1

eee68b16d3895c521b627833aecce4c75b182323
SHA256

50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40
SHA512

15f3529a6f04cfd949141521e99c16325e28bd0f2916ef9dc91eebc4a13c34eca768e17b219a2c52fdcc94fdfb79215ed54c89bbd945782b2d56a7c24287df19
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+cK:LJ0TAz6Mte4A+aaZx8EnCGVuc

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2552-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2552-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2552-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000013d08-11.dat	upx
behavioral1/memory/2552-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2552-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40N.exe

C:\Users\Admin\AppData\Local\Temp\50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40N.exe
"C:\Users\Admin\AppData\Local\Temp\50711d34eed5b8169bcff6687cf03d1d0acfcee30297b6ffc3c4d9c442c8ca40N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-dUwMYEljVgGvJAug.exe

Filesize
83KB

MD5
c3cd60d0e3d2627e60b9b9c93b48ba87

SHA1
2a83dd9a03bf07d66226139babdffe31aeac9a3a

SHA256
e6f278f9419c0345980b52a349b8ce8d73d1720a2d5b8d2e326237f12a0536a3

SHA512
abb981b1c9ee31688924f9d8b2625e24176836b71df97f5b40625d6ecc1888eb613be39a5f85f1c7973a0a8bc21a96fce4d973e0ad0669e3d1b49f9e34290f70

Download Submit
memory/2552-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download