cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffae

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffaeN.exe
Size

236KB
MD5

6765c9382e7414f472b9d070a0727780
SHA1

9e86c86cc83161842653f438215a18b9837b7cde
SHA256

cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffae
SHA512

df86b57469518a46ee92c43e736ce145b90750e23b02e23e0f6da7400be5b97a79c2d8d436ad261b4addcdc6b82edf0b90631c1fc3ef1986f8f5a1dad20e9a4e
SSDEEP

3072:4J0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/p/FnncroP9:8wDeM7iNEkgiOb31k1EC1J/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1076-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/1076-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffaeN.exe

C:\Users\Admin\AppData\Local\Temp\cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffaeN.exe
"C:\Users\Admin\AppData\Local\Temp\cd93f0f00d9e810def31ac059c6167ea0d1028c5d56c00bd0403ee656e57ffaeN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-b5bQ47b7zS7fO6fb.exe

Filesize
236KB

MD5
8d932a897df2a6a0998e07313369bde7

SHA1
f6a220c1d8f2f31291382a3df7558b1a44aab46f

SHA256
822f098b1a87c0a988600e09314596368ffbf01769fa1ae23c541c1b26d050d5

SHA512
409ced1675f035c4139602aec1e99239fad706e87cdee27483704ee4a5a197a277707b4254c2507a6d1fcab2ceb8710c1c967b0e2941d90c1619ce91bbbce9a8

Download Submit
memory/1076-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1076-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download