d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402

Analysis

max time kernel
116s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402N.exe
Size

83KB
MD5

30a26a3021b105fc21d2ef04ac915570
SHA1

5ab9aac7ce9e378692d3cb161525ef5ad6c8e0bd
SHA256

d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402
SHA512

02e581dc7b99822ef1ed2d152bf0a877c81310bece5f7b751ea0eed580d9d4ce5266546eaf2fb7e4128f1dbc8bc14b0b2c4d3d433ccc0a16f877de47da34b4b5
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+xK:LJ0TAz6Mte4A+aaZx8EnCGVux

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3744-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3744-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3744-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000c000000023b59-11.dat	upx
behavioral2/memory/3744-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3744-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402N.exe

C:\Users\Admin\AppData\Local\Temp\d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402N.exe
"C:\Users\Admin\AppData\Local\Temp\d8585850b0403fd1e945fb95bebe040a85e48398a47f60c9fd7be24870d0e402N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-VAZ2Il1UE4HXIlB8.exe

Filesize
83KB

MD5
be199b68aa1e29c0c6b56199b998829f

SHA1
22406b5443ec0020ca20fbc9e4aa11de206601f7

SHA256
a4ae82ed26067df1dc54409a9f0ddafc58b199edd86284f0d8552f086291a9f0

SHA512
b94c0b7b96790d2439d68045e97ed355512f559072c13ad63876fe17381d099fe35bf0531884a5fc2d0c46179abeea588c007a8671e14ece54f8f61f9e3fb97c

Download Submit
memory/3744-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3744-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3744-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3744-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3744-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download