8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6ed

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6edN.exe
Size

83KB
MD5

b6f1c95436fd7061e31e144db8e866b0
SHA1

f1840597dc9c5a46521bd2f718ca74d74e5f7fdf
SHA256

8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6ed
SHA512

874ac1fe358fc6806b04832ed80d52026199314e53e2aa519a01cd0a20f61cf6a686dd2e9617bb5d30fd1b8b3944cb2713d08b6ae5f0d6fff79dc827133beedf
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+WK:LJ0TAz6Mte4A+aaZx8EnCGVuW

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/2532-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6edN.exe

C:\Users\Admin\AppData\Local\Temp\8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6edN.exe
"C:\Users\Admin\AppData\Local\Temp\8da78b527f9d7bf19548c2d6c03fdc5214ed81f70eaa2091f545d00218abe6edN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-h5lv13y9dtXEfBom.exe

Filesize
83KB

MD5
0514eea2fc952d6dfa37b36deb893635

SHA1
98713bff6215187a249f5c564e0edaf1b209265f

SHA256
1c00dc1e7c7009684f6fa760a1e72860eb451443494200316c38e5732d113db9

SHA512
91e719550a39a25af863a2b4891b09206f6ee14e760d7350c937006e0b778543e46ee1180046ae3f5cee153e235e53d6944e71b05b3f9e3c555eaafe7faa7511

Download Submit
memory/2532-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download