aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18

Analysis

max time kernel
120s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18N.exe
Size

83KB
MD5

84df84fa267844cfd6729d8f519f0680
SHA1

d367df004430e0e8bf6c155d03bf32ba554762f8
SHA256

aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18
SHA512

0515728afb3527ac807875eb10f0a115da22f7f0ea2803b2d205af06ec5d3e80ee92358072ffa2d75d87f2786687d85d3c9f8cb8afe8772dd4b26c264b8d343d
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+XK:LJ0TAz6Mte4A+aaZx8EnCGVuX

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1548-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1548-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1548-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1548-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0011000000023b08-12.dat	upx
behavioral2/memory/1548-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1548-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18N.exe

C:\Users\Admin\AppData\Local\Temp\aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18N.exe
"C:\Users\Admin\AppData\Local\Temp\aff95fabd54d64a0485ac482bc7a9d75c44ced2b8fa532cc5b20392585433c18N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-uLf7g9rc2vffM5No.exe

Filesize
83KB

MD5
7dc658d53a492de5429842b76e7595b4

SHA1
3eeffea0fc4406593e0f6afedb63f1c36401521c

SHA256
48ac660307c92c6762b040a60fa80d213db2016c621199c4747f36bec3440842

SHA512
7fd123859a28e64f015b5842d2e3bbad8cb832825fdd2ace72da303bc36d31d1e8004bed5ba84c5784b1f16e158cee1b43ddc2bf9681f3ec5f57415f88b36176

Download Submit
memory/1548-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1548-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1548-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1548-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1548-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1548-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download