a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 14:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42dN.exe
Size

236KB
MD5

a3ff1588e6d389e6a1b19225f1197560
SHA1

a1cdeba1cc38934d07cf7200d8f88416d70d702a
SHA256

a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42d
SHA512

186a7766144e513a7f1b518104dc80d8cf0b44acf8c1266bbe1dd1d9c4236b9f2bd7423a90191e197003721d5021cfc830cf56a3f4a654aa7cedd513751f7e4a
SSDEEP

3072:CJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/R/FnncroP9:2wDeM7iNEkgiOb31k1ECdJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1960-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/1960-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42dN.exe

C:\Users\Admin\AppData\Local\Temp\a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42dN.exe
"C:\Users\Admin\AppData\Local\Temp\a7f39ec63e86be4b1a2d687deffe956268f64225711c07c9fbfcd0086ca7b42dN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ij4UjPu2v0mmA11L.exe

Filesize
236KB

MD5
f512b79cae3aabe7a4a08c5863befc9e

SHA1
dc6d114a7a42862e4c01b9fc4d4df5c2ce24a188

SHA256
4b4d68a33c20cdb2e848f5bd9c382a7c6abf7dfbf1a3de10c557291aacbef9e0

SHA512
1e16434ffa67595bda0df2357e763c64b9519c4cae0294a17725cc9fa5bb6884457abc9ee49daa97f4eff8729b4c5dfcd08342b259d777821f8f7b89988a43dd

Download Submit
memory/1960-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1960-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download