5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674d

Analysis

max time kernel
92s
max time network
97s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe
Size

236KB
MD5

d1698c680c3cfe45afe9fcaa81cb51e0
SHA1

7905e1e73156221da8d2c64b9cf040b57602d9cf
SHA256

5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674d
SHA512

ae0b142671b9050d2a43b7ca81c9dd623eb7a88383dabc996bdcb8e1a2d1cfe5fb65fae9f1b0a08bb7acab46a126a8705e3169d921e5db70f62a65ba07bfa253
SSDEEP

3072:ZJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/+/FnncroP9:jwDeM7iNEkgiOb31k1ECwJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2208-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0026000000016fea-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe

C:\Users\Admin\AppData\Local\Temp\5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe
"C:\Users\Admin\AppData\Local\Temp\5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-bhccFaBDRLn50a80.exe

Filesize
236KB

MD5
17fc9d8412f9fa2a3ca7c1b0dc1dd837

SHA1
ef487c8c75c0f134ee0c83dab097896e0418065e

SHA256
821e86d3fc129ff79ef80a876b497699be8a5c79d188efdbaab7e0a4db5c7af2

SHA512
aa83126b60e987871fbd6f7fc8d91f5858177c416c05049a6e87bcf9ca6b7afb70ba77122a7ad61a0b75ecb682f20df9ec23d14cf175937f17cb3ba1fa08959d

Download Submit
memory/2208-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2208-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download