4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27N.exe
Size

83KB
MD5

2be83d9041724d519cb9b968aa8ebc30
SHA1

4d248ccfd789f371c618ca140a8b9319317c20ca
SHA256

4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27
SHA512

1a026ceaae549d3666984913a7187eaf9a2069ea5e274acf7250e6a1fcea94d072eafc0672373836c2eb6a32029a37ef850491f8846426d2647011eacaf5d14a
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+KK:LJ0TAz6Mte4A+aaZx8EnCGVuK

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/1708-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1708-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27N.exe

C:\Users\Admin\AppData\Local\Temp\4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27N.exe
"C:\Users\Admin\AppData\Local\Temp\4bcfee0d38d4044ed8542c9aa713bcfab0ebf6ffd8ed70fd6c864c4c33fe1a27N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-gLr4hkD3o9GeoCR1.exe

Filesize
83KB

MD5
0f3af11fa957bcd556d01fab15f4d966

SHA1
cfb7e76184e50ec4e9e9d5d79d44b60747a3dbdf

SHA256
80adf70e4a8041262eca7be0b5745e7955fbf36572fb57502eb9cb5b679e6d03

SHA512
657245290d7c2882bef8046cd8059c0073e2d9bfa28d19a0ca6536f68ebe31128bb48f7e00460da0ce12a96df5d6860261d4c5213a005cd0e35df355af52b5d7

Download Submit
memory/1708-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1708-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download