28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84N.exe
Size

83KB
MD5

90dd810a6245a35a5d3f3ab177ddee60
SHA1

ba0868c77fc3cacefc3e0ce49fb853d0f8e09dc2
SHA256

28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84
SHA512

65a01d886e39f385e805bf5ce66cd9b0787551eb0d2005ba28e612617704d560c362a2409c9d488b9504c1db951af1237d5cea249056ceede28fa27fbd1dc9ab
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+jK:LJ0TAz6Mte4A+aaZx8EnCGVuj

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2640-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2640-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2640-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0006000000010300-11.dat	upx
behavioral1/memory/2640-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2640-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84N.exe

C:\Users\Admin\AppData\Local\Temp\28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84N.exe
"C:\Users\Admin\AppData\Local\Temp\28fba658b7ca6f1bb4b8b16c5621fb6017c73b27ba3c4b729faf3cfb8bb64b84N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-JTKd47tBmK22AvxL.exe

Filesize
83KB

MD5
60521f08481b61d94a9a8402e133c73f

SHA1
d77fb500127064775cefe6fc81d2bc807761edbc

SHA256
695ba9feb1aa6ef9d409f8bd241394b9b82219b7e179963a01be41c85034fae6

SHA512
ca6b594bcc9aec7b1068515303acda9b7449e26de48283a85a858ca62a6c94ac62850269b4e871af19d9093bd9ad1272b81a0603f9fb3320fa5582126aab83dc

Download Submit
memory/2640-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2640-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2640-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2640-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2640-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download