285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9

Analysis

max time kernel
110s
max time network
91s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 00:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9N.exe
Size

83KB
MD5

75e7118629de16747166c490bce380b0
SHA1

13cf3ac6628a55e42adcd41a8a81f3800af526ff
SHA256

285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9
SHA512

725ab29b7793495bf704a8ac4b33986327be0434f4c70689b737a68b7d70ffdc52dfbc8ae1e1e6c7eca0a9371000dc469d0e1e73958bd4786b204220175f4a6d
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+xK:LJ0TAz6Mte4A+aaZx8EnCGVux

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1760-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1760-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x00090000000120fe-11.dat	upx
behavioral1/memory/1760-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1760-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9N.exe

C:\Users\Admin\AppData\Local\Temp\285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9N.exe
"C:\Users\Admin\AppData\Local\Temp\285d888b342725b54b44cedfca2ff671efd8d27531422326c76a541dba6cf8a9N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-5JosGbH9sbuH7qcu.exe

Filesize
83KB

MD5
5655a839552205da75738a81d8611cc5

SHA1
16fa1054cd3d20f768a6d0dc779a192a456ce476

SHA256
a6545de4b0f1e77ff1c90d801d51861fa13b2f565ebe7806cc7f9a69256c6b65

SHA512
aba0e1ede15887e919aba45518a2556405c5b8ee401279c58d29d7b6d8d37930a7725a1f0008c61a0fef9a132653359e78009d46b301063530c60e8120eac7fe

Download Submit
memory/1760-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1760-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1760-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1760-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1760-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download