1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37b

Analysis

max time kernel
110s
max time network
97s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37bN.exe
Size

83KB
MD5

7225013865106b04485d9760733ba840
SHA1

d21e271402f5bfd3f4e47956dfaef4e258c233ab
SHA256

1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37b
SHA512

e6cf0644c7077f21c4189b6487153342c4512675ac18c7d494787383a577915ef5e04a824ee4cc5b042b470b162599b37479dedfa2739c8ace4b22ffbf223aa0
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+lK:LJ0TAz6Mte4A+aaZx8EnCGVul

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/972-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/972-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/972-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000d000000012262-12.dat	upx
behavioral1/memory/972-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/972-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37bN.exe

C:\Users\Admin\AppData\Local\Temp\1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37bN.exe
"C:\Users\Admin\AppData\Local\Temp\1dbaf91018a461e5e55472746d5fbd212c788190b5a0f40a8176f4d77d15b37bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-aRUDz3ergqIYBVTS.exe

Filesize
83KB

MD5
2a44c86ffb64d1dd0f5ddf818b6e210e

SHA1
e891e7d51d5c6ef3c3969c93bdc6dbaf3c761f03

SHA256
f206e146cf81922022c117abfa84266ac598bec227bdde1e49c4f1074d978d07

SHA512
2fc507c952e2e3a8df19f239474d8835d5b66c73ae818fa064d9015a86d2fd0d76a23929e43220ba5a4b9a349769316e4937a8c0a4e0a9fd87d3ba32d819c838

Download Submit
memory/972-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/972-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/972-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/972-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/972-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download