54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30

Analysis

max time kernel
110s
max time network
95s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30N.exe
Size

236KB
MD5

372ad6fe5725746a3c4edbbd18b56b60
SHA1

a63eda096271ab5d0f8712bedec68a00db7099ce
SHA256

54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30
SHA512

68da807d6db011dbe3684f3ede4d7583bede8160308799e64d99e233e086befc2b0c866bf90cbc4454d89914c0ed25f562a0ccb5a3568b2dc5ed1684a2150cb0
SSDEEP

3072:lJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/v/FnncroP9:vwDeM7iNEkgiOb31k1ECfJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2212-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x002f000000019203-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30N.exe

C:\Users\Admin\AppData\Local\Temp\54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30N.exe
"C:\Users\Admin\AppData\Local\Temp\54849b17ecb70e131749896ab7808045def2242ca657d2d55f099bd679ac6c30N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-HahJCfJuX9PDtx1B.exe

Filesize
236KB

MD5
30369d5c9bcfe8910811d1121ca5e291

SHA1
c707c77d810abdd3e9bfdcb11bf53bc98d2c9627

SHA256
4cf28abd15981fac9866764a14d72519f85dff4c1e6d4837b43d5f1b348f4def

SHA512
1ebc9946d2881c8f4857c0cb568d20d6a00d38de25fa8b6fe4d7cba1b37af63e7d587bb8ad6bb3d87ebb6e64c390e75a1c6f6c3df24d57218a965ce3dc25dfc9

Download Submit
memory/2212-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2212-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download