Analysis

  • max time kernel
    111s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/11/2024, 15:51

General

  • Target

    bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe

  • Size

    83KB

  • MD5

    a4f866f6c309b5c60e48d32578aacc70

  • SHA1

    ef3ec3b9e13970764217f85ce0ce511d2488ba47

  • SHA256

    bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bff

  • SHA512

    999f413fa5427133a0c03226d63c89684a1ffd0bc2bd99239f4d4a17321a1ca822363388ed405dbd7361bf2cba3fe74ea7c5067953063221414a57dc849c56e6

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+NK:LJ0TAz6Mte4A+aaZx8EnCGVuN

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe
    "C:\Users\Admin\AppData\Local\Temp\bad772011e6ee0a995c1818c419215f8a6255b9ce2dd499b5b4a939579ad1bffN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2556

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\rifaien2-xTjpXmsCI4JzKOOd.exe

          Filesize

          83KB

          MD5

          ed90976f758b79b9d187e0e9f1ba04d0

          SHA1

          05ec6d68db54ca01426906ca1a4cc83297699167

          SHA256

          7b03f64870a49b5311ea1b9c3c1a699c49c6a7f25a47abec9edbaa907351edae

          SHA512

          4a7b7ecee489f59ef8980f7c4a49c99a3b8cc5c00a8d69eb9b0c63b4693ae8a0e1837598cdc66141b404a711702a269aae058d066ad395167b53cac26ee1fcd1

        • memory/2556-0-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2556-1-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2556-8-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2556-15-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/2556-19-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB