Analysis

  • max time kernel
    111s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    09/11/2024, 13:34

General

  • Target

    e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe

  • Size

    83KB

  • MD5

    1e241f2cb3e213ed60e1c39602a390b0

  • SHA1

    c4941d4fcb6def70422ed1b61796065be2cc7888

  • SHA256

    e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2e

  • SHA512

    68b5c6d4f0fa2546e3f2eedadb1ee3a8a671a4b39a1f18da6858c36ca34c8f44ad03227918b77e41bb546fb387fe508aad1530215fd8850995b043bd6cb060f9

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+/K:LJ0TAz6Mte4A+aaZx8EnCGVu/

Score
5/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe
    "C:\Users\Admin\AppData\Local\Temp\e4f3888d50719e83793724ab86679155608156cb1e8cbfc229bb2197d018bd2eN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4284

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\rifaien2-HTTZAgyLHiuNARYH.exe

          Filesize

          83KB

          MD5

          5b46074959e17b8d0988d82a3de62bd1

          SHA1

          ef6c2429812cdd841227c5301d9a2122503c3cad

          SHA256

          3e1ee05060fe3064653b2e58beaa787ffb1a7af698ce7a0178df987f4aa1b6b9

          SHA512

          a98926a69e57c131d380b2575a41160a69d149a5d0e39e5034ba4e4f845edaa1e2f0e695e43d3079bd10c97404f7ae3e3b6f432e20a41e2f3e1471d6a7734814

        • memory/4284-0-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/4284-1-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/4284-4-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/4284-8-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/4284-15-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

        • memory/4284-19-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB
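To reproduce the two checks this report rests on for a sample of your own, the UPX signature under Signatures and the mapped-image range the memory dumps above cover (0x400000-0x42A000 is 0x2A000 bytes, the 168KB listed, against 83KB on disk, which is the on-disk/in-memory gap a packer leaves), here is an added Python example. It is not tooling from the sandbox or from this report: a minimal PE header walk that flags the generic UPX indicators (UPX0/UPX1 section names, the UPX! marker string, a first section with no raw data, entry point outside the first section), reports the ImageBase..ImageBase+SizeOfImage range a memory dump would span, and computes the MD5/SHA1/SHA256/SHA512 set shown under General. The PE bytes are constructed inside build_sample_pe() to mimic UPX's section layout and are not the analysed sample; the heuristics are general packer indicators, not the sandbox's own rule.

```python
"""Flag UPX-style packing in a PE and report the hash set a sandbox lists.

Added example, not the sandbox's code.  The PE in build_sample_pe() is
constructed to mimic UPX's layout (UPX0 placeholder, UPX1 stub, .rsrc) and is
NOT the sample from the report; hashes of it will not match the report.
"""
import hashlib
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                        # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                      # PE32+
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"image_base": image_base, "size_of_image": size_of_image,
            "entry": entry, "sections": sections}


def section_of(pe: dict, rva: int):
    """Index of the section containing an RVA, or None."""
    for i, s in enumerate(pe["sections"]):
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return i
    return None


def memory_region(pe: dict) -> tuple:
    """Mapped image range, the span a sandbox memory dump of the main module covers."""
    return pe["image_base"], pe["image_base"] + pe["size_of_image"]


def upx_indicators(data: bytes) -> list:
    """Generic UPX/packer indicators; each hit is a human-readable string."""
    pe = parse_pe(data)
    hits = []
    found = [s["name"].decode() for s in pe["sections"] if s["name"] in UPX_SECTION_NAMES]
    if found:
        hits.append("upx section names: " + ",".join(found))
    if b"UPX!" in data:                      # marker the packer writes into its header block
        hits.append("UPX! marker present")
    first = pe["sections"][0] if pe["sections"] else None
    if first and first["rawsize"] == 0 and first["vsize"] > 0:
        # UPX0 occupies no disk space; the stub unpacks the original code into it at run time.
        hits.append("first section has no raw data but 0x%x bytes virtual" % first["vsize"])
    idx = section_of(pe, pe["entry"])
    if idx not in (None, 0):
        hits.append("entry point in section %d (%s), not the first" % (idx, pe["sections"][idx]["name"].decode()))
    return hits


def hash_set(data: bytes) -> dict:
    """The four digests a sandbox report lists for a file."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def build_sample_pe() -> bytes:
    """Constructed PE32 mimicking a UPX layout with SizeOfImage 0x2A000 (168KB)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)  # i386, 3 sections, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1B100)                 # entry point inside UPX1 (stub)
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<I", opt, 56, 0x2A000)                 # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)                   # SizeOfHeaders

    def sec(name, vsize, vaddr, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)

    table = (sec(b"UPX0", 0x1A000, 0x1000, 0, 0x200, 0xE0000080)      # no raw data
             + sec(b"UPX1", 0xE000, 0x1B000, 0x200, 0x200, 0xE0000040)  # packed blob + stub
             + sec(b".rsrc", 0x1000, 0x29000, 0, 0x400, 0xC0000040))
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    stub = b"UPX!".ljust(0x200, b"\xCC")                     # constructed filler, not a real stub
    return headers + stub


if __name__ == "__main__":
    sample = build_sample_pe()
    pe = parse_pe(sample)
    lo, hi = memory_region(pe)
    print("on disk: %d bytes, mapped: 0x%08X-0x%08X (%dKB)" % (len(sample), lo, hi, (hi - lo) // 1024))
    for h in upx_indicators(sample):
        print(" -", h)
    for alg, digest in hash_set(sample).items():
        print("%-6s %s" % (alg, digest))
```

Run it against a real file by replacing build_sample_pe() with open(path, "rb").read(); the section-name check is the weakest of the four, since packers that rename UPX0/UPX1 still leave the empty first section and the out-of-place entry point behind.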