dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca

Analysis

max time kernel
105s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 11:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca.exe
Size

82KB
MD5

84a638c3ec4e2e71719eae9784eabcae
SHA1

8fface8aaa5939539107a3162b560d2b6690c2c1
SHA256

dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca
SHA512

fcdb95a11a83d08d111265f4121604b8815f72b92a09ff1b99b00329dabdf78b4ee2624963356d9c5ed280cba8ec68ea911b276165834accda5b5b2ffba03db7
SSDEEP

1536:uJD2zPCT1VVdsvNzYVF1MXC0jkiW/77PiOlYO/EfR5kFMNweqGd5f75p:C081jdsvCMX3jkh/364hJFMNweNd5f73

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2088-0-0x0000000000400000-0x0000000000442200-memory.dmp	upx
behavioral2/memory/2088-12-0x0000000000400000-0x0000000000442200-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2088	dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca.exe

C:\Users\Admin\AppData\Local\Temp\dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca.exe
"C:\Users\Admin\AppData\Local\Temp\dcc71d126d7339bf7a0252ab4731818b6292b7761f1bfb4100bace30658786ca.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Bugreport_error.ini

Filesize
107B

MD5
e37503ae5047132dd6ca75e1f0a88e84

SHA1
f33cb150d454a51b5537d37613a8db44d1882a74

SHA256
66b77f659435fd175e6f11c09a8b83a6640112e92df9d38c96864fffb99d2917

SHA512
c919257c0db4f82551dfb508761ec7b83555a030011ef6a155df25e92a8002a337570567a4b0f3e0af30d6f70c12530f03c54b058cebbb5389473844f69e2ae2

Download Submit
memory/2088-0-0x0000000000400000-0x0000000000442200-memory.dmp

Filesize
264KB

Download
memory/2088-12-0x0000000000400000-0x0000000000442200-memory.dmp

Filesize
264KB

Download