2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06d

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 00:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06dN.exe
Size

83KB
MD5

df8af8900058f95945e8e9d0e0dae910
SHA1

080cbc794d0ebcb35ee7a8fbdfde4c40a7214931
SHA256

2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06d
SHA512

4dfca86359882a808c88307ee7731812d6caa681c2e60b30168b40b8c18b2a5fe7726c0d72c74ed367a7f1013044ed36667679b58ba4d98d10db6ed28f834e45
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+EK:LJ0TAz6Mte4A+aaZx8EnCGVuE

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2664-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2664-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2664-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000b0000000122ce-11.dat	upx
behavioral1/memory/2664-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2664-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06dN.exe

C:\Users\Admin\AppData\Local\Temp\2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06dN.exe
"C:\Users\Admin\AppData\Local\Temp\2e1e2b8eb25fec3f21f5fa16f1260c586b019848ac3e20d060f8c708f59da06dN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-DWtqott0LpwQtuu2.exe

Filesize
83KB

MD5
9ae8a1ed5e7832f57a820327f69feced

SHA1
cf128ed6fba72be042f555877895680f2caa143a

SHA256
8bc9c1d40bdee71d8ed460beacab2a70318020c6fe8916d0fbc8a643ee56bcfb

SHA512
0bef5d482f5a7ea003e38417d254fb82f0cf4e3b3ce0e11406e70ec415b08d49ffef6c449b64bc1166fdaa8017ad61f9da78cebe4414e788a16f4d315ffd8bb6

Download Submit
memory/2664-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2664-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2664-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2664-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2664-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download