4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceeb

Analysis

max time kernel
110s
max time network
91s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceebN.exe
Size

83KB
MD5

5c5d71cb6d9e6eb8f3a3ebfd021a0ef0
SHA1

25c1aa12044594f10d6da62bc8dbefab3f6e6644
SHA256

4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceeb
SHA512

e872fd1978dcac6b9e39fbeafe4e5b2d566599905ccb21d1d17de95a3371a6001cbececb6bf28ee809c80444fa84bb8eda54f681cf918baf31e5f34fd4072c37
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+6K:LJ0TAz6Mte4A+aaZx8EnCGVu6

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/560-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/560-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/560-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x003100000001926b-11.dat	upx
behavioral1/memory/560-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/560-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceebN.exe

C:\Users\Admin\AppData\Local\Temp\4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceebN.exe
"C:\Users\Admin\AppData\Local\Temp\4478ed60d5e231bc53593b465e2f700a91a0e49e4cc8645e709c300f5aa4ceebN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-KoSg0XtOel6IDVLZ.exe

Filesize
83KB

MD5
39e7cdd62eb4690a8344885cce16b426

SHA1
f527ac7e8c252f196334540511c9259aabaec85b

SHA256
26816d9f948296958a6fb673ea1d8e9db4d632a68db4d8e46bd7a40537cc2d98

SHA512
13154a678e0c246c1ea4f9c389d7535fba6b853bbd96aef65c217ea88aa681a41a265498f301935a412c7b7481d606399c21d84cebd7189a4cf954145d709f08

Download Submit
memory/560-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/560-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/560-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/560-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/560-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download