270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630N.exe
Size

236KB
MD5

5eaf0a1d5d944804e9497aff6869f970
SHA1

422e0a486e6b3d4af7d7c8b63a5328f5bea983d6
SHA256

270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630
SHA512

32e4ed7a4035e0ea89abefd1d7ba1f334b629118ef725dcc7c10c1110a2eb24f3d771a44e236d3c80446683bbf093147075099a90343ff81f1e765b953805190
SSDEEP

3072:uJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/5/FnncroP9:ywDeM7iNEkgiOb31k1EClJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2732-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/2732-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x000c0000000122cf-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630N.exe

C:\Users\Admin\AppData\Local\Temp\270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630N.exe
"C:\Users\Admin\AppData\Local\Temp\270c68af5d125f67e220ee1c63e03e6afd750ed1e525f2f4ec203e2b87aa5630N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Hxyn8XVwRkUwIvYa.exe

Filesize
236KB

MD5
550d708cd5188e89ee5ae1b9b2afd9d5

SHA1
2b464a03a6c5bee26715f136b9848e5146de8604

SHA256
ea02c15e87e5a987fdac5b941d8775bfaf6dfccfc4970b4160a4dff312f29cf3

SHA512
73bcf418b856c79852fcecb271d1bec348ea89bb555a08ee57aeaff64143706c48c82582586145fedfc489f61b6c80f199ed3311e36feb78833e4ad6f706b270

Download Submit
memory/2732-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/2732-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download