60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9c

Analysis

max time kernel
110s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 02:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9cN.exe
Size

83KB
MD5

a2a2df2129660fa0b595c54a1b158d00
SHA1

34cc730daaa183ab455f83fe04b02e23a21ffd17
SHA256

60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9c
SHA512

e42b67fb41d70f9be2966c51d54c431212c3dbf8b1b2747c6ec2f434bff92472d70d71d4d03a9b51154d05e56a835e1358810ae1f0530c551c35836373d17f8b
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+CK:LJ0TAz6Mte4A+aaZx8EnCGVuC

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4764-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4764-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4764-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x00080000000234f6-12.dat	upx
behavioral2/memory/4764-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4764-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9cN.exe

C:\Users\Admin\AppData\Local\Temp\60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9cN.exe
"C:\Users\Admin\AppData\Local\Temp\60accfd86576fab584123b2bc9c73965838cc6eaa90db4c142717ffc26618a9cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-5AaspirUgZv5Josz.exe

Filesize
83KB

MD5
cd0b3405ce538f0f4a4e08ffdcce03ce

SHA1
18e67b697081562207d03fa6b944755f9a47505f

SHA256
a9861b90fa19e3b25e362839260d295ddafec2a6860027728becf72e927dc6e5

SHA512
37474bc3cd4c6eb21cb7f13ea67f027e4430404d76e656d51ad117e06bded8433bbe79f277bb0d69cde0b7b40faa1ef668c5c136c03934f82e690c9179b391a7

Download Submit
memory/4764-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4764-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4764-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4764-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4764-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download