59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169N.exe
Size

83KB
MD5

8e9c9faf0da3c2c25bbbffe4b62c0170
SHA1

91dd2fcd1cccf4a860d561b0b84f51052e4d3564
SHA256

59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169
SHA512

05090aba7f2b5fc7075a7f87dea6c45b057b8c87806b3daaa466605510c8754c038bfa4f77f93f35ce159df3488beb94060cb3aba2098951ec3028fe7953e807
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+NK:LJ0TAz6Mte4A+aaZx8EnCGVuN

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1916-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1916-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/1916-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1916-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169N.exe

C:\Users\Admin\AppData\Local\Temp\59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169N.exe
"C:\Users\Admin\AppData\Local\Temp\59eceecabe1360526c81d4ade43b4bf0ac8aef5799d4353469b13dc92d7df169N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-mynTxT2JaimMAZ1e.exe

Filesize
83KB

MD5
624d2dc2c822e3f186c05e0798438911

SHA1
e5c5be63ef7c411f3c8cc0efc2cab1b24810e6cf

SHA256
91b804c72180b00a8891238c42853171f0e301e8b4891ea051f85c843f5c75fa

SHA512
aafbe7166cc9f674eb68f42e2b600ec70263c7ae9067554a658762db7d0f6f5c57c8ad5ee6f5cc423e30e71b0f2f662d94012274a8ba890718a165568141c0e8

Download Submit
memory/1916-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1916-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1916-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1916-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1916-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download