7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eec

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eecN.exe
Size

236KB
MD5

bb6dda560800027268d605c134c94ff0
SHA1

d4290f35f0aac726337a76fb3c9ae356ffba6cd7
SHA256

7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eec
SHA512

f52bd53edda883da8f84b76484038444b5e0a3b6ab3acbd338c28b704407bf30d97ce61d37611cd0f7303db4f382a8acf02b5ace3a8d9bbdfeae0a6339faeaa0
SSDEEP

3072:sJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/z/FnncroP9:wwDeM7iNEkgiOb31k1ECDJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2344-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eecN.exe

C:\Users\Admin\AppData\Local\Temp\7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eecN.exe
"C:\Users\Admin\AppData\Local\Temp\7b9c4f749ef3287edaac17c41a753146e945a286220a201f9dfa706b6d8b5eecN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-gFc2Dny7AlLbniyk.exe

Filesize
236KB

MD5
7de9e5847551488bc2726c75876e1d77

SHA1
46316fb2cae3da3fd8cfda3b1dba77172a976da9

SHA256
a11bb93eb8db44aec1167f901814029199251da9bc43490ec960e86f0ff8a049

SHA512
5077df351702fb6fc11494e70eadeef02033793683d355ee6c389d3ff675d6a7e21e98a61e7d675a1360671c0f0ea339ca7a2ab19d4524e434f622657e24abce

Download Submit
memory/2344-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2344-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download