61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676

Analysis

max time kernel
111s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676N.exe
Size

83KB
MD5

a94cb611a23f8a6b5adc040694809950
SHA1

f2a5191eca8e1edc46e31b4f051d88560a7d5051
SHA256

61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676
SHA512

0d93d422f85b77d206a4e59bf4f12e043b40b04e4a7159d97f496b0e4c0e225edbb9bcd3f54b57075e8b296388bbe8cb34e69a0276522c0ba0043eb9fb40f5c8
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+jK:LJ0TAz6Mte4A+aaZx8EnCGVuj

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4416-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4416-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4416-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0010000000023b38-11.dat	upx
behavioral2/memory/4416-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4416-18-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4416-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676N.exe

C:\Users\Admin\AppData\Local\Temp\61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676N.exe
"C:\Users\Admin\AppData\Local\Temp\61373e5f61b5aab1e0fc094973f9216749be0a0d215f5fe6f0bb95a4b10c4676N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-L2jgktXim2tT7lxN.exe

Filesize
83KB

MD5
3bd22ec760729448efd397c28eafc97c

SHA1
e461a4c3d3263d52578690f436556ea1cb87b8eb

SHA256
092dd7e49feb1116825b1f984730c3ae7b465e7283ff6db78cb38375ec8a2e3d

SHA512
d242f5d2816396f3b734b62ff8aa4e660317193316f2b3035004ca52e3a3ab44716937feca11e7f4ed4e7a0eb7a8b45e117e619ccdd0a039e0f8c304f7213568

Download Submit
memory/4416-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4416-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4416-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4416-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4416-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4416-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download