cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfd

Analysis

max time kernel
110s
max time network
92s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfdN.exe
Size

83KB
MD5

51dd570084343d8b74b5a389359bb7e0
SHA1

4955d8edb3a150e88cb5ce605a1658b0e7b22d5c
SHA256

cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfd
SHA512

bfefe1051b417a4b2680401d346bc7996fcb090d5d8cdad36a56a0e486abd7bc59cd1c35312b978e5ce2ebde6ac454e68f60e36ef5fdb6da38fdb47d4d97c987
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+tK:LJ0TAz6Mte4A+aaZx8EnCGVut

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2908-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2908-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2908-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x000a000000012119-11.dat	upx
behavioral1/memory/2908-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2908-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfdN.exe

C:\Users\Admin\AppData\Local\Temp\cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfdN.exe
"C:\Users\Admin\AppData\Local\Temp\cf0fcb21da75f3fd56020d9727218fb3de82e41ffff6bc56dfc76a2951369cfdN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-l180FMoZotq2lVbC.exe

Filesize
83KB

MD5
cae38b342769166071b8a6d599727673

SHA1
c8cb08c311bdfbef7bdc1b26534b68f7acc73337

SHA256
71c6184e658848f51e8913c73b69ce9206f7061845bc47826625710b96ab22b2

SHA512
5ab8d6bd69585f928ae489d93990166d3fc11b0e89b4386757c53b965335981882898363efda1bb1d597dc0aeb8fe581daee4648a4cc1859b02a566eeedbb58d

Download Submit
memory/2908-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2908-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2908-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2908-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2908-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download