7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eef

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eefN.exe
Size

83KB
MD5

15c8f31cdfc30ec1f2cbe797d2426dd0
SHA1

db9f9dc128734cd29a2aef4949b47a66e285c45a
SHA256

7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eef
SHA512

d4f22392a4b383401bb62310e3fd3b6ee37094071759a6268722c60adf674e1f1b18990312089b9617943f8de749fd099a0d09051c4069720d6e493441324b16
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+XK:LJ0TAz6Mte4A+aaZx8EnCGVuX

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2144-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2144-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2144-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000d000000012268-11.dat	upx
behavioral1/memory/2144-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2144-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eefN.exe

C:\Users\Admin\AppData\Local\Temp\7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eefN.exe
"C:\Users\Admin\AppData\Local\Temp\7a0445775046237df40e23d74284d12ccc75ef38187c1fcce8a9914c8a1b9eefN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Fs8TbAwBggLKzeA5.exe

Filesize
83KB

MD5
3fcc222c93d6833cf2cdded00c4289a7

SHA1
09225b8cc1c3f077065e6182caa5536c049d06b1

SHA256
1499fcbca97226207d35b7b8c074592b3779838ac14583d3a55cff111ad6ae61

SHA512
d4e3ed2a073a43d32fcf58a79e68242370085b0625efbc79e1782d5a8aadf63377c97b58b765dc4bc1c1fddc1e1b47b06eb075bcebe95c2563666daa755b6686

Download Submit
memory/2144-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2144-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2144-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2144-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2144-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download