Analysis

  • max time kernel
    111s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/11/2024, 18:30

General

  • Target

    2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe

  • Size

    83KB

  • MD5

    0e529a6e6a30231f605cbea134f13110

  • SHA1

    edd6d9cacbb7afcc0ceaf94e297644b2569d886c

  • SHA256

    2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136ae

  • SHA512

    99e4be162ea543d6357dfb3add9b62119e186bc6a551fa8abfe47fad2d76121a75a353fbb7feedba35f94c3713af42ba87345be7d34a670d5c22ca9d5dcb1f46

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+pK:LJ0TAz6Mte4A+aaZx8EnCGVup

Score
5/10

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe
    "C:\Users\Admin\AppData\Local\Temp\2135f647497c019b74f636199fdf2b5bd16faf0541df8137915c63f559a136aeN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-k9H2yknSWqRNoVB2.exe

    Filesize

    83KB

    MD5

    661231c388f3f49f94597287e6eedb48

    SHA1

    17c5fc29b9cc4e312819c43969d804e5796db363

    SHA256

    881e33b592443599193fc27e03c359aa2713c747df81ffe614357034d8aaa559

    SHA512

    991c6f2db550667fded4eee92dca109de0374ff93668156deda7f32122b1c9503d44103bf4868b89addc625da5f402285606235aac821e6536aa961702a37eed

  • memory/4632-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4632-19-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB