ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02f

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-10-2024 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02fN.exe
Size

83KB
MD5

941a34f8f464b9d301b77cbdc32b15f0
SHA1

d7caad3be2a40309ac8bd3cc2d57a111e8c9eef1
SHA256

ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02f
SHA512

158789bce51944e4e165635a62f7cb33ffa10b123d741286a1a63b7c469146f9f262a01f54770efa1969e3ca77a5021157b63c6b884dc59b1858e72e8d0d3971
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+6K:LJ0TAz6Mte4A+aaZx8EnCGVu6

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2408-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2408-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2408-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2408-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02fN.exe

C:\Users\Admin\AppData\Local\Temp\ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02fN.exe
"C:\Users\Admin\AppData\Local\Temp\ae23230ceac622e781ef91f18e93843e6b9b090915d470f8ff06a467bda2c02fN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-xyfVTit4TjISfdSc.exe

Filesize
83KB

MD5
47f5f6bcf02dc7547ed7746f241b5523

SHA1
1cc2e479749bb60721cbfcf3961f4272d7c9483d

SHA256
3c09c054f1a9fe8d1533bcffbde4fd7b676f94e83077ce2a5db27864877760f4

SHA512
557b14fb38c0716ce23f29c78103f173d3fb38d5fe87a8a9f638f7f4dcd5f9808fcb9f243d473af68637515df700f9d9af042754cd76b653a2bb5d062b959459

Download Submit
memory/2408-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2408-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2408-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2408-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2408-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download