6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642f

Analysis

max time kernel
110s
max time network
93s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642fN.exe
Size

83KB
MD5

d16b8c08e6681e8b2dc49c837487d800
SHA1

bea34f29a88a56b9ed11bf8c3674437ee8c01c55
SHA256

6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642f
SHA512

044c9b653e51de63554e958629d0f13c1fb465a664417f9bdcd2efafdca02c2780e2ea7cbe5e455aaf72fa6bf72a94eea1817dcc2d0da8583dc1d3bad13dd468
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+8K:LJ0TAz6Mte4A+aaZx8EnCGVu8

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2468-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2468-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2468-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2468-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2468-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642fN.exe

C:\Users\Admin\AppData\Local\Temp\6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642fN.exe
"C:\Users\Admin\AppData\Local\Temp\6312717f0c9184b3a48e3f7297ec038ae41d6d9c8067ce023e46d7ea5538642fN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-hr5ECAKAOqMzRssU.exe

Filesize
83KB

MD5
7f1fbd595e8d95f417e246f71277a42c

SHA1
5ad60a454d9cafa8855819827d3612ae74680d0e

SHA256
7e86985b4d2a5f43b53a784dcc8c7b43b2a6184012643199a0b8b5f9ad3bdc0b

SHA512
f7cd5c4842c140bff1b9485cc79496490fd42ad411434c0ccecd1f3932094a5fb5b7e1422bfe280398f9f84b51ee8b9b2d95c653ed8965b8913f658694f64c13

Download Submit
memory/2468-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2468-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2468-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2468-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2468-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download