2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698

Analysis

max time kernel
110s
max time network
93s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 18:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698N.exe
Size

83KB
MD5

ddeeee1d18b6f32ea90a3c5d4f0a9250
SHA1

7c0d2f52373bd45093fcc34b12a4958cce6dbee4
SHA256

2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698
SHA512

468ee798433bcb3d738b37056d7e49eb0d6942b74c19ac48f52d8ef2e83c2ac9418a8b86ffc8405b0794e196ea5a15ffa195e96087403f77b4a3d1830e18dba4
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+3K:LJ0TAz6Mte4A+aaZx8EnCGVu3

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2756-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2756-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2756-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2756-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-13.dat	upx
behavioral1/memory/2756-16-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2756-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698N.exe

C:\Users\Admin\AppData\Local\Temp\2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698N.exe
"C:\Users\Admin\AppData\Local\Temp\2ea8bc8c2dbbcc9bc0cb9af9a47bd585d3280d1f1af734ba4e7cd7af7d398698N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-N3SkdC5AoY0ilYIF.exe

Filesize
83KB

MD5
3766ad1f7035ad88b6e68724e79be1cf

SHA1
c131d1269cb316fd30e8923a98bf2ad4b899cb23

SHA256
7388fe13119334012a63c5bde76d8a0dc8b5f19217e88473b5722365ebc5ddd4

SHA512
57a656ea221a6536620988d2c5dd70e71712f8fad33d2134a7d39ea52c02d06a18716019b2d353ee86d0f284134fbc83377c8be57260a5acaedabfe06df868a6

Download Submit
memory/2756-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2756-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download