5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674d

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe
Size

236KB
MD5

d1698c680c3cfe45afe9fcaa81cb51e0
SHA1

7905e1e73156221da8d2c64b9cf040b57602d9cf
SHA256

5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674d
SHA512

ae0b142671b9050d2a43b7ca81c9dd623eb7a88383dabc996bdcb8e1a2d1cfe5fb65fae9f1b0a08bb7acab46a126a8705e3169d921e5db70f62a65ba07bfa253
SSDEEP

3072:ZJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/+/FnncroP9:jwDeM7iNEkgiOb31k1ECwJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3240-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/3240-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/files/0x00080000000234d0-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe

C:\Users\Admin\AppData\Local\Temp\5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe
"C:\Users\Admin\AppData\Local\Temp\5d61ea26cec0a693d09f0810dd8a98317358ec049fadf3b89e6d8dadae16674dN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-tLveASD9NJIaC9MP.exe

Filesize
236KB

MD5
b8d6aabc2cbee2e24082be7ac88a9531

SHA1
d101b8ad932ee170cebd03c915902676fa5b5210

SHA256
de6f62956ccad0e607c5cd7fc0fe650b2ef8bf62df8bd6c2dfa60ad89370a1cd

SHA512
4bccdc88d7087bdb13a43f84ec1eaa8c88d2972a852ef79298674a32c8aca4adfd51236ae97d83b2c9f52a63068bc325521da5882df1b8af5252d634a88a30a4

Download Submit
memory/3240-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3240-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download