050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1

Analysis

max time kernel
111s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1N.exe
Size

83KB
MD5

21ae34240a609306016c1bb2181e6bb0
SHA1

4765786a41191e17c500f816485c26ed90cbea99
SHA256

050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1
SHA512

f26932ce7eee428713a4d8612710a7d9c3b62d41553ffcc7425fc65e84f79dafac5dfb6744d7de371c6df97ae3be29dcffee0856ff69fdf1fd0a0fcae5919cae
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+pK:LJ0TAz6Mte4A+aaZx8EnCGVup

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3392-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3392-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3392-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3392-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0010000000023b7e-12.dat	upx
behavioral2/memory/3392-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3392-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1N.exe

C:\Users\Admin\AppData\Local\Temp\050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1N.exe
"C:\Users\Admin\AppData\Local\Temp\050e3b46fd2957c3d2cf71875ad96170668bdfcb8c524a5d6f814aafb00d48e1N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-fIAxS276VccDBhRv.exe

Filesize
83KB

MD5
c50a7c5a95d77a1b4599910b618107ab

SHA1
3b110a7113667ce6929976550f91783eedd59c32

SHA256
fd0290d84549f5f32b73cea3559ed41c10ed345d44d19de7eb29b6f0c4cfe8fd

SHA512
cac1cd04620acad3af5a840ddc3afa21538a015d104a52e2f81987bf013e2f580b6614b564dc873662fdd60ac050a73d9ff2a4ffd83857193024e7559a6f0b5e

Download Submit
memory/3392-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3392-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download