99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4N.exe
Size

83KB
MD5

20d9ed5a0d48aa93ae0de49ab659be10
SHA1

5122e8d4cf0589bd041a9e3fb3dc838c57b0503a
SHA256

99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4
SHA512

4f55fad60ff574908c6dfbe4baa6c78e7d9d5dfda9c919536dcf9542b404ab822f1b7722980bc62245d93612432fc6958492371be7f173646dff1288dc46c303
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+7K:LJ0TAz6Mte4A+aaZx8EnCGVu7

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1748-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1748-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1748-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000b00000001202b-11.dat	upx
behavioral1/memory/1748-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1748-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4N.exe

C:\Users\Admin\AppData\Local\Temp\99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4N.exe
"C:\Users\Admin\AppData\Local\Temp\99ccd5971a03d24b8cd6f1766cd983d2642bbab4518e124b58842a9bf1aeb2a4N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-sTwd7hL0f5sJl7Sr.exe

Filesize
83KB

MD5
9e7dee6ba881d9d2cd51909bafe0c176

SHA1
480214eca56e4ee0948ead1f4c37d98849b4bf11

SHA256
131b58c387d9cb95ee86f611568f161ce1c0c0cc9589aa70bbdbb4b2d07bd315

SHA512
ee1ee39160f3422dd3705ae406bf058f787a8c5d8ed23f6d896fb56fc286f1a494770553b14816fa0afc24f1caa6dbabd4a3875c46f8f65a4a63787c0ea82dca

Download Submit
memory/1748-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1748-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1748-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1748-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1748-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download