19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23b

Analysis

max time kernel
111s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23bN.exe
Size

83KB
MD5

6492c5f973e8b4a80051ac04e0f0cea0
SHA1

3ad83462f2568ec090ff9f27a98aea87e53e2e88
SHA256

19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23b
SHA512

fae9439819aeb14fe6ccdf9c06065e59a60e2186127d8afc0d357c003dbe17439a654b89e9dd8463194c67af6ae516133f6d88c7d7096cdb3fec835e2115bde8
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+yK:LJ0TAz6Mte4A+aaZx8EnCGVuy

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1032-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1032-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1032-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1032-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000c000000023b6d-11.dat	upx
behavioral2/memory/1032-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1032-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23bN.exe

C:\Users\Admin\AppData\Local\Temp\19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23bN.exe
"C:\Users\Admin\AppData\Local\Temp\19acdb59b41293b81f135caadb1bd1a6daf48ff43a36e969da5902e3033fe23bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-7Xn2OqjXByaWztzm.exe

Filesize
83KB

MD5
b42ffa277b3a51889f4f20be1109584c

SHA1
5944fb4d215d92af921f4a6a9f2c94ac563560fb

SHA256
b47affa8bbf9dff0aadbb0cf550166e8220f593e70aad99ba99bea0d4110987f

SHA512
9c78da1760dc051fd067cf114287df2daadede1b157d6f04a383dcc202acfbe370d6bd1de7d2dcf6a9dc542269af14e4af8fee9df14b0dff609f7714bf8ca911

Download Submit
memory/1032-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1032-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1032-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1032-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1032-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1032-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download