0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572fa

Analysis

max time kernel
111s
max time network
98s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572faN.exe
Size

83KB
MD5

20ffd51e2dc9cd141c11041e4c774050
SHA1

7c8631278441312f6ea45af7f90c9141dd1d3665
SHA256

0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572fa
SHA512

b2ce482f1e13bca8464aafc157a36f76dfa110f17fbc2d33fc4c2ff376af62d5041b34dcd032a4ce12183a0148d50a25240b25d939810c6d974c8a484aa1df23
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+oK:LJ0TAz6Mte4A+aaZx8EnCGVuo

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2704-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2704-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2704-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x001500000000f6b0-11.dat	upx
behavioral1/memory/2704-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2704-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572faN.exe

C:\Users\Admin\AppData\Local\Temp\0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572faN.exe
"C:\Users\Admin\AppData\Local\Temp\0c9ee4c8167d0ffe4e0d4416a0375a9cac4de162e9772a5f03f62c0e83d572faN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-PMzq67R29xM7U1d9.exe

Filesize
83KB

MD5
74ce6a03f02bd22fac05ffd5b647899d

SHA1
80885b7de738b18c3b06d5503e21d06d1671a418

SHA256
4a7474521dc5f72075d8abd016ee3584d3a5cad1bb16693f6e2b539cd06c5b07

SHA512
09d00d974646451921553eb13af1d9977ec379c787766f60124ba1873e94510fde6fdd80a03e4726e30f0ebe85220dca58fedf0ac3ea20edb7529a5f63c27be3

Download Submit
memory/2704-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2704-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2704-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2704-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2704-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download