4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94b

Analysis

max time kernel
110s
max time network
91s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 13:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94bN.exe
Size

83KB
MD5

ec0a9afc63325568fddf21218d7ef070
SHA1

dda3977154e795fc1e1c8e9b7d36a203f4b4af12
SHA256

4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94b
SHA512

83a73f60c32e42b7671307ae131f47d0035ed4efd4875d444f1cfb2c78ab232c72a90689d1fdfc2aa6244f4837740916874c144cbabc1774f1e5805b31364cab
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+DK:LJ0TAz6Mte4A+aaZx8EnCGVuD

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2296-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2296-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x00090000000120fd-11.dat	upx
behavioral1/memory/2296-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2296-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94bN.exe

C:\Users\Admin\AppData\Local\Temp\4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94bN.exe
"C:\Users\Admin\AppData\Local\Temp\4d7e102c0d00b7c2dfd2140ed8e3fb4e06665d2dfbd6a987ea4b11a20b63b94bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-BdogheWl8VvBc9eu.exe

Filesize
83KB

MD5
1da56d456ab75879b848b324ab9fe001

SHA1
a7fcb403a509f3a6d5c27e398948132b6fff1ee5

SHA256
67fda7cba91fff5ddd77a52f252cd02c282946cc9aeb675a5419f81908d97c31

SHA512
15b90ccfb9b0ca930e84b990737ad5f86fc4746c2a2c666062c29d487e072012e08e8f5df0550a6f463972468f5180ac32e9f892e719f66fb1410a138d8e3e99

Download Submit
memory/2296-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2296-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2296-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2296-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2296-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download