46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2d

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 06:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2dN.exe
Size

83KB
MD5

4508b9f66abf517ee7ad848285f3ef10
SHA1

b0d243a99db0d744f4b2d9576bac756020e1e9e5
SHA256

46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2d
SHA512

a2d5cb5d5336f31bca98abd09debced714dea82c40ae7994239ac2f8ecb512219ab23a7c371e0b735b8f50a4a57ec11c2a89e4ea16f9aa8bd8d545fb96486117
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+pK:LJ0TAz6Mte4A+aaZx8EnCGVup

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3012-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3012-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/3012-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/3012-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2dN.exe

C:\Users\Admin\AppData\Local\Temp\46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2dN.exe
"C:\Users\Admin\AppData\Local\Temp\46dd53b5c2f4e3932c7fe38f2f4984e06b3b63242b37f6fc98c932587fc69f2dN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-FeW2hUz3ZgqbjzQU.exe

Filesize
83KB

MD5
5f6ab9d2eed85cba42a19c66733cdb0f

SHA1
0fc6f66954d380a35447d5e5bc38ed9e94a9a12b

SHA256
45b240605493e3698a9d3ad2a31a9b0a1862c828131a0d6d1688804115dedb87

SHA512
46425f16e6caaed6924497970832cb4e6a3372020c80d6ad51aa43d0fd39f0a293d95a46264b2e5ea5f7428e6a531359fb82487752444e8b6bc800d4aae6f38b

Download Submit
memory/3012-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3012-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3012-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3012-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3012-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download