e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909b

Analysis

max time kernel
110s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 16:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909bN.exe
Size

83KB
MD5

a54656a181460bdd18f0c7c3ef8d90c0
SHA1

2f3b664a557f547c0ed368c1f286e84ee24e9539
SHA256

e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909b
SHA512

31baaa5be0ec2c67ae75c3697894b16dc56a9db5a87c4ef5bdde454e0d950fc568358924048f48e34a40d1e0493e5d233567792ce99187f81ab8e613a11737c1
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+RK:LJ0TAz6Mte4A+aaZx8EnCGVuR

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3540-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3540-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3540-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3540-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0010000000023b3f-12.dat	upx
behavioral2/memory/3540-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3540-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909bN.exe

C:\Users\Admin\AppData\Local\Temp\e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909bN.exe
"C:\Users\Admin\AppData\Local\Temp\e4da45c58e4d8ad9f17273dc551c813bcd124bf81732409bfa4a97974931909bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-b1nsBfKfuFofVYD4.exe

Filesize
83KB

MD5
c05535144294ba64820973bc42da0571

SHA1
5271c16210a9109a771dffc46d449a04510be63a

SHA256
c3d115fc4ad24ed5aff96d805a9b6ff09be5d7152ca155dd41f34b15b636f5ad

SHA512
d2cc2254c3c036623edfcf09e077543238867065219a3cfd9a8a1b7ee9ca92543b7f253cbbe22ad27668f3ee7732ed552da7d31f0341ac3eb49a1294e97a56aa

Download Submit
memory/3540-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3540-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3540-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3540-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3540-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3540-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download