fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34

Analysis

max time kernel
111s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34N.exe
Size

83KB
MD5

95952633e4ed3f83a565bc9e64836e30
SHA1

09e6294612696f615e5f8cab728c79ee4ef23918
SHA256

fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34
SHA512

31eeca361b03d8d295b9a268d54d98213a89f10515041160cf7df742711051a8a671444e7d473882e0b34932547f8c508fa9f83f88a477b75b5c34f56e3e61f3
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+zK:LJ0TAz6Mte4A+aaZx8EnCGVuz

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1532-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1532-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1532-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000800000002344e-12.dat	upx
behavioral2/memory/1532-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1532-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34N.exe

C:\Users\Admin\AppData\Local\Temp\fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34N.exe
"C:\Users\Admin\AppData\Local\Temp\fc267e8bfaab9e6290d4eafa929ea74db7bb10923e763d88b577e06b90190d34N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-d0D9J9zD7oicaBvg.exe

Filesize
83KB

MD5
345d23e709e2a4c73ba8759ea14cf33f

SHA1
0d5f6a012988b2dac5cc8aed2a5ff88a4bd431a8

SHA256
1929e5f360cbed068408df73b270c1e557554aacce3cff0353a2b1e78b43e7d9

SHA512
9ee908f91e03a82fdb66aeaf2ee367ad549cf48cc44be5799599fe45d1a5ba730e3c86429587b02dad7f3a2bc5e9f20b6a21ac929c755f3bbf7d9c97ac337545

Download Submit
memory/1532-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1532-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1532-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1532-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1532-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download