6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0

Analysis

max time kernel
111s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0N.exe
Size

83KB
MD5

f0e2056f78a9cb2658bfa2b2bdf9cc10
SHA1

c57df798c4705d4efe9fefced4c1ec92f2d8b1ac
SHA256

6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0
SHA512

18bda73c39b3b59131c83dd0d75bf578ded9f2b0d8d1a8b42cd7d3c24dac67ce56a4cac80ba8356759edbce8e82011c687a5d515255d34d4f101a46ada2caad3
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF++K:LJ0TAz6Mte4A+aaZx8EnCGVu+

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4060-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4060-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4060-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x002300000001e076-12.dat	upx
behavioral2/memory/4060-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4060-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0N.exe

C:\Users\Admin\AppData\Local\Temp\6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0N.exe
"C:\Users\Admin\AppData\Local\Temp\6c990da260c02f8a1e2fd882d9247edfaf7449e53a18a221143b99f32c075bd0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-ttE7w7GyLnSQgeOs.exe

Filesize
83KB

MD5
d33d1c79730a92fcb6ccfcc23dd1d3fb

SHA1
cc7c1d1fb77a1029f17b0c7220002c82c7af77cc

SHA256
0ef9b49f45a53098611cc65006d217b14cc6c5b5356e7cba8b2b0c64572bebb3

SHA512
7d48dfbf8e0dd633f98dff3b02d3b950a77f3d00a91122e0efe80960881aeb69b15ef4aa6ec3695b286e0071ed18a6c56932d683f5df012201bb060ed4559256

Download Submit
memory/4060-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4060-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4060-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4060-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4060-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download