bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757bN.exe
Size

83KB
MD5

86036fb3a473fa95504eadf9cefbf550
SHA1

dfccd6663a70a5241b2e14bd3fe6fcd431eaf298
SHA256

bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757b
SHA512

f4a635468af50388ad24d4eefd88487ac5ebef1a2304f14207c5d3c493f4786d16c92c5afc8b39405c02b6a5a61e51f038897c80259826e139da6bf437f0b595
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+GK:LJ0TAz6Mte4A+aaZx8EnCGVuG

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2876-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2876-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-12.dat	upx
behavioral1/memory/2876-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2876-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757bN.exe

C:\Users\Admin\AppData\Local\Temp\bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757bN.exe
"C:\Users\Admin\AppData\Local\Temp\bbe46d77ccb9d538c00ee0d60c7bb2cf8b09d6cfeb2d45af144a0e9e903d757bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Ox52Man3BDj4heVV.exe

Filesize
83KB

MD5
d601160e44e547b6f9b4cce9765ed5ee

SHA1
01fc85c4e359c6f7c96de1b34fa5a7b4aac804d1

SHA256
2725a180fd3b3464ac4e312ed50cde59e550ed1f6c39a317a4b68f443c78f181

SHA512
5e2765a01c151e4d77fd1f8d4cd76dd1ac49050b37ccea937323d3d4e0a73b120a06a27971eedeedbb837e6d439dff9845c6d215c40fbe0940129347db1dc630

Download Submit
memory/2876-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2876-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2876-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2876-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2876-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download