c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6N.exe
Size

83KB
MD5

d931207d00b92e09c2f7627003431880
SHA1

852426f0c0d3c07d8f01d1f74087043dadea523f
SHA256

c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6
SHA512

d8020299caa2a252c76adb7f0dfa7c0c1dfb6c0851f09a75f0c08bacf3f33a09980cb4ca433dc287a3b47cf6b935d79a936fa7ac562539169d8d806efdfeb0a5
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+AK:LJ0TAz6Mte4A+aaZx8EnCGVuA

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2524-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2524-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2524-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x003100000001939b-11.dat	upx
behavioral1/memory/2524-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2524-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6N.exe

C:\Users\Admin\AppData\Local\Temp\c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6N.exe
"C:\Users\Admin\AppData\Local\Temp\c501f2bc5bdd12054a8e7d8efd0b1444e3f00ec7df58a5d58bcbbebe7bb3b6a6N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-lgG7IwfVFlycyFxj.exe

Filesize
83KB

MD5
0d6c5e6cfeeddfe154209ca7d3e1330a

SHA1
b8e88efb915a29af370a37801ef215bf9103b79d

SHA256
626b749192f6cb79492926fddce34bba65666a68173edc70ed5b45ed1386daf1

SHA512
1604b7f3df91e96ea3d535b2594af21b3febd1b17700633d9b2577d64d9474074ccb1f97823493908dc1e3b01845e7e599c8fe7b5171b58d2c6a8caf7390c5ee

Download Submit
memory/2524-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2524-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2524-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2524-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2524-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download