Analysis

  • max time kernel
    111s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 15:50

General

  • Target

    a95af4e1de377a73c6fd7b3b1fba0cb03006e3b8418ff3d368cb3b740a215dfcN.exe

  • Size

    83KB

  • MD5

    0d2bdb6c287e7738f785139492200750

  • SHA1

    8ec4768ede9b5f98cebd44b8992d10b2f59bf9e4

  • SHA256

    a95af4e1de377a73c6fd7b3b1fba0cb03006e3b8418ff3d368cb3b740a215dfc

  • SHA512

    e415c3cbad7d97cd64b6a98284a28a8b99b1439207d445ebf08bf47599525302ed3274e396471a872b307612ff210d06dc106f10835c545ae71c829e648f9b34

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+MK:LJ0TAz6Mte4A+aaZx8EnCGVuM

Score
5/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a95af4e1de377a73c6fd7b3b1fba0cb03006e3b8418ff3d368cb3b740a215dfcN.exe
    "C:\Users\Admin\AppData\Local\Temp\a95af4e1de377a73c6fd7b3b1fba0cb03006e3b8418ff3d368cb3b740a215dfcN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:208

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-Iq4RbDdbrQvrsah2.exe

    Filesize

    83KB

    MD5

    54943ed294a47c31e748c63a8d158cbe

    SHA1

    156883b8a7ff8335c9a1c330a395b1a89249afdf

    SHA256

    bacad7be81b76c418b36ec24a1fbea4bfe2bcea9f7811ddb0f8fe4ba270fee19

    SHA512

    8406a205d0f07ce99167ddff3083aa79db62cf3bfbc3869ee33767b47ed30394cb2d7be3bde711615631ed848166f5258538978a0c8f3d22d2c21a57de0d0fcb

  • memory/208-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/208-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/208-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/208-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/208-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/208-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB