Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    10-11-2024 01:20

General

  • Target

    ec3b2d02747f4a6bf13dbabd640f48dd51c773acb19d72229a4e818f5a58532eN.exe

  • Size

    83KB

  • MD5

    1d7c672d7525914d142b3a98d2547540

  • SHA1

    5d96aed8df1cc11e8e2319dbffb41b78a75df400

  • SHA256

    ec3b2d02747f4a6bf13dbabd640f48dd51c773acb19d72229a4e818f5a58532e

  • SHA512

    a270cf0beebf88bc4f1a53f80f009d946d20b9a4362b6c234e9b68d8b0e07159621e5b1a7f771b340d0bd85de50d44af41485b29d024dca4ddc4965334915a23

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+KK:LJ0TAz6Mte4A+aaZx8EnCGVuK

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec3b2d02747f4a6bf13dbabd640f48dd51c773acb19d72229a4e818f5a58532eN.exe
    "C:\Users\Admin\AppData\Local\Temp\ec3b2d02747f4a6bf13dbabd640f48dd51c773acb19d72229a4e818f5a58532eN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3028

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-V8VmigGMHIQipu8l.exe

    Filesize

    83KB

    MD5

    e2ae665f61d1095f0118bbea0d14f7b6

    SHA1

    4c5ec46ec5b93b2203bc0d656494e96f5fbb8f52

    SHA256

    b37ae804148b20507645065e0602498a169595ba7b01ee2caabf1dcc26be44de

    SHA512

    a1bce0b340c4f4720b083bbdc47a90754090c8542fe49ebb391400357027e6a458cbf6de8c02c41d14490112bc17935c0e6e8b8e9f9b0cd941e390d6358f39bd

  • memory/3028-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3028-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3028-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3028-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3028-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB