9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39

Analysis

max time kernel
92s
max time network
99s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39N.exe
Size

236KB
MD5

32c358768f3be2d2d8e599b8d9a86380
SHA1

3ab652ba82eb5a266ae95a9c5ad9e93a0f9d04e2
SHA256

9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39
SHA512

c7248f2f0ca00ce47a4978016d81b96738fd19bb80b5c6637d893e7b2cac0b1561974e11c1b7d27d7537fadc0fc71dc2eeb0cc597e1fba76bab4529658b7fa00
SSDEEP

3072:KJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/Z/FnncroP9:ewDeM7iNEkgiOb31k1ECVJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2952-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x000b000000012250-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39N.exe

C:\Users\Admin\AppData\Local\Temp\9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39N.exe
"C:\Users\Admin\AppData\Local\Temp\9866c07b189438d9b1200044da8b576a83114dee1ceb39e5eada414f572f3c39N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-9RNPCC2RmIr8ctrK.exe

Filesize
236KB

MD5
0323f4c5e50a8e4d14764490a73a78c4

SHA1
1621d808219f33cc5d3ad448b783950be5ab1443

SHA256
ca17650311974e17fa1251691b53ce0c78366baa4a7f37ab9070d66c9220f225

SHA512
1cbba9b94550374ff58fe58502630f639a6cfb2e183dd2be12cf3c8ad0d4b37ecbee14e3591cb227a7add04c4255de53d201e3de74cb73e7265230ded1218df1

Download Submit
memory/2952-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2952-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download