61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 09:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928N.exe
Size

83KB
MD5

6e5b785e29fdbff2f2b776f7098074e0
SHA1

4c21f8487cfd88a32f14999ba8daf0e7681de214
SHA256

61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928
SHA512

9b560fef7d93a7c7a8226022348fea654ad8e79931ae5fdcef377f341daed5989d092ad165d6b992804d0159066f5c9f805f0ca977cd00b969f2f46d9623678a
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+0K:LJ0TAz6Mte4A+aaZx8EnCGVu0

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2200-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2200-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0016000000005587-11.dat	upx
behavioral1/memory/2200-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2200-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928N.exe

C:\Users\Admin\AppData\Local\Temp\61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928N.exe
"C:\Users\Admin\AppData\Local\Temp\61be246c2f0de298d443482c174582e02fc23c62f5b727bf98f0a3c45e9c3928N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-9TDdCHaqBz5Wm2sW.exe

Filesize
83KB

MD5
b794f4df22aeae728c1683bd4199291b

SHA1
81c902b351bb2176fb8cb010f3600f37791e0a04

SHA256
92f82e52a1e4ba94987fccda46f1e9b97824469dae3da847a693704aa5bfed96

SHA512
193e39fafc35f74aae3bfe215006cf0a82f8d57787c8a3b2037769f10f234bbeba1568f96a3b8aa7dec4ac62363248d3c629757a31b855f031203ad3a351adc4

Download Submit
memory/2200-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2200-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2200-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2200-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2200-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download