4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016

Analysis

max time kernel
140s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
Size

358KB
MD5

fb18503b4543b3a8e8992e451e30e560
SHA1

598b8ad92e00a5e6e14130751e17d4c722b090c9
SHA256

4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016
SHA512

d942b7a37eef9e8151f6dc6689bd559466ce63900a7d648d934693c5dfa32798be4b5d1da22e0218863882976bfcdc4ff98f65aed5bbbd076f1c137a55f94127
SSDEEP

6144:Tl8KWs/bWq+nR6xtEstSlckJ4OUSccLU4968TI+RjoS7:Tl837cCHJrccvZPRjoS7

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3668-0-0x0000000000400000-0x000000000050C000-memory.dmp	upx
behavioral2/memory/3668-12-0x0000000000400000-0x000000000050C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3668	4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
3668	4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe

C:\Users\Admin\AppData\Local\Temp\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe
"C:\Users\Admin\AppData\Local\Temp\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\4f686d5d4a8a202e7e2d78312f91c0f57fd2a5f286216d9156757659382af016.data

Filesize
1KB

MD5
6bf2b5f131d66d8c0e92ff9160316854

SHA1
c3a3324bb3c433e8a12ece922fcf0f9bcc969872

SHA256
0d8121bd0684e46bb79a6a0f0ee043dc770fae3bbbebc10a83c116eb6a203d36

SHA512
c30f26df400669e3124840007cd077fe8cd68a369488b21e92f25fad7124866836dd590bf0deeac3914df4fec3d69d6bda893f65938a891f6d1c32e5abe2bdf0

Download Submit
memory/3668-0-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/3668-12-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download