7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0cN.exe
Size

83KB
MD5

28b9312fa9d5c77c77965e8a3b13a9b0
SHA1

08bf79a15ae999b4c29a6bc030b73ddab8a0de92
SHA256

7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0c
SHA512

1f547568620c8fb4f16c6ab87fd534ecc0d62d2a9be1944eaecdaffe6320c0434bed1e8d7889f7f8f2fedf78ebe4b9c7b68db3a8c92ec184a3fb5cd180016388
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+jK:LJ0TAz6Mte4A+aaZx8EnCGVuj

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1792-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1792-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1792-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/1792-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1792-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0cN.exe

C:\Users\Admin\AppData\Local\Temp\7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0cN.exe
"C:\Users\Admin\AppData\Local\Temp\7b83ee0772c90fc6968ba58b9f6c2b3ddb862e930b3e4f48c9a187d5775eda0cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-N8yaBfJxxMNTUIoo.exe

Filesize
83KB

MD5
ba74d869e383d3aabe73204882a95c82

SHA1
791dfe2c73fbb07af516349136ad7ea6cfbb11e2

SHA256
b3ff5f7ae68c8122b511d0c8a711fd5e63f6d54966ef68bc438f7992b6bb6380

SHA512
29e700bc745ddf03644a22db50ffcf0cd6baa7f0a0f33e668400f5b971d826564c24674b1856eefde2f83ad74c2184c5a6b6063aeece8080046bf2cd3259b24a

Download Submit
memory/1792-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1792-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1792-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1792-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1792-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download