dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07

Analysis

max time kernel
110s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07N.exe
Size

83KB
MD5

9737e48642bc5ab60a65e1836271f5e0
SHA1

c176708c39d7f4320c35716640023cda702c9f24
SHA256

dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07
SHA512

dc12d925d918be122894d89d13ce9ae32fc5ef1fd19b2ed0f87611fa64d44e5585566fb5b6f0934242fb56ec609a2bef56d9eca8a54bd30b75dc560062904867
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+OK:LJ0TAz6Mte4A+aaZx8EnCGVuO

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2992-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2992-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2992-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000e00000001e580-12.dat	upx
behavioral2/memory/2992-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/2992-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07N.exe

C:\Users\Admin\AppData\Local\Temp\dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07N.exe
"C:\Users\Admin\AppData\Local\Temp\dc3277701fa6fdf3afd00ccc8c1a1f2cabf5d6300751ab3d600b47d4d0a9cc07N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Sk4ieg2efzhJlKPQ.exe

Filesize
83KB

MD5
3fed4d2deb188796998512a99edd779b

SHA1
be7c03cae87a14a675541bc9f08647eff139dde3

SHA256
8a1e66b079009785dc753382e7292802e13d14256c5d4707cb20858158986b2b

SHA512
c8a8201eae51a603cc368f33bffd403ecf2073bbe7b51aec89ed329de07355730e7c45257966f059367c997c81d50995a24108ffd0bd82d25b640908dcef555e

Download Submit
memory/2992-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2992-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2992-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2992-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2992-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download