9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6N.exe
Size

83KB
MD5

1f7e5ec8d88ee557a49bf381b9905180
SHA1

42c9039133c416a8bc1d7509d32e0bece71663b9
SHA256

9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6
SHA512

580b82d62e64723000b10aada00b7313949b195ceab77e62c5ae50373e0c577aedb8f00b01a4816aeb07701bada96c117d4d5383b1fad3b3c4b672fd222b9545
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+8K:LJ0TAz6Mte4A+aaZx8EnCGVu8

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4312-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4312-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4312-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0013000000023a3d-11.dat	upx
behavioral2/memory/4312-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4312-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6N.exe

C:\Users\Admin\AppData\Local\Temp\9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6N.exe
"C:\Users\Admin\AppData\Local\Temp\9e95f178f7a31de764e8ab42ffd8350657a8fddff68bbba7f9ad9ce44f53e7d6N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-QVK3fB30voy1kq2F.exe

Filesize
83KB

MD5
1534f3e0d64e593dcd0d83ef1b1e4909

SHA1
9820bf2369eaccfec4576147d5cc1d83cd3ab25c

SHA256
ac314251133a5251703a13deda13703ca4948b336615697ea1d469b09884b930

SHA512
d9dc4c19439a487ecd6e4fa251ef7670c9a8851b89b9729ef486d566b5407e0ed1d0f11d989a4f440e1aa31f2025ae59352d55e0d5b1bad01525c53745c39c09

Download Submit
memory/4312-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4312-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4312-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4312-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4312-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download