Analysis

max time kernel: 111s
max time network: 96s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 10-11-2024 01:20
Behavioral task: behavioral1
Sample: 1e1e1e3c1f1ec0acd9a3c815e651ca6de2a90800af7dafacd16f361450705410N.exe
Resource: win7-20241010-en
General

Target: 1e1e1e3c1f1ec0acd9a3c815e651ca6de2a90800af7dafacd16f361450705410N.exe
Size: 83KB
MD5: eeb0145e680087433b7ff1f4d66da2e0
SHA1: dcbaf5063012c608decf5cf88afda893c542e2e8
SHA256: 1e1e1e3c1f1ec0acd9a3c815e651ca6de2a90800af7dafacd16f361450705410
SHA512: fd87cfaf67d0367759c9d51b27becb9225c3fa6719271ca125754cce74d74682bbebfc7c48c7655f4234421006ff64330230b097c96ad69d6b49e4ff556a60d3
SSDEEP: 1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+gK:LJ0TAz6Mte4A+aaZx8EnCGVug
Malware Config
Signatures

yara_rule "upx" matches (6 IoCs)

Processes:
resource | yara_rule
behavioral1/memory/2260-0-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral1/memory/2260-1-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral1/memory/2260-5-0x0000000000400000-0x000000000042A000-memory.dmp | upx
C:\Users\Admin\AppData\Local\Temp\rifaien2-chIYB0TGDRM5QZHb.exe | upx
behavioral1/memory/2260-12-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral1/memory/2260-22-0x0000000000400000-0x000000000042A000-memory.dmp | upx
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. Reading this key is also common in benign, locale-aware software, so on its own it is a weak indicator; it carries weight here only alongside the UPX matches on the sample's memory and on the executable in %TEMP%.

Processes:
process | description | ioc
1e1e1e3c1f1ec0acd9a3c815e651ca6de2a90800af7dafacd16f361450705410N.exe | Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
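To make the two signature tables above scriptable, here is an added Python example (my own code, not part of the Triage report) that parses the yara memory/file match tokens and the "Key opened" IoC line exactly as they appear on this page. The input strings are copied verbatim from the report; the function, class and field names are my own, and the \REGISTRY\MACHINE to HKLM translation is the standard kernel-object-path to hive mapping.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Input lines copied verbatim from the report's Signatures section.
UPX_LINE = (
    "behavioral1/memory/2260-0-0x0000000000400000-0x000000000042A000-memory.dmp upx "
    "behavioral1/memory/2260-1-0x0000000000400000-0x000000000042A000-memory.dmp upx "
    "behavioral1/memory/2260-5-0x0000000000400000-0x000000000042A000-memory.dmp upx "
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\rifaien2-chIYB0TGDRM5QZHb.exe upx "
    "behavioral1/memory/2260-12-0x0000000000400000-0x000000000042A000-memory.dmp upx "
    "behavioral1/memory/2260-22-0x0000000000400000-0x000000000042A000-memory.dmp upx"
)
KEY_LINE = (
    "Key opened \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language "
    "1e1e1e3c1f1ec0acd9a3c815e651ca6de2a90800af7dafacd16f361450705410N.exe"
)
SAMPLE_SIZE_ON_DISK = 83 * 1024  # "Size 83KB" from the report header


@dataclass
class YaraHit:
    rule: str
    kind: str                       # "memory" (a dump region) or "file" (a path on disk)
    pid: Optional[int] = None
    dump_index: Optional[int] = None
    start: Optional[int] = None
    end: Optional[int] = None
    path: Optional[str] = None

    @property
    def size(self) -> Optional[int]:
        """Size of the matched memory region, None for file hits."""
        return None if self.start is None else self.end - self.start


# One alternation so finditer() returns hits in the order they appear on the line.
# Memory tokens: behavioral<n>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp <rule>
# File tokens:   <drive>:\<path> <rule>
TOKEN_RE = re.compile(
    r"behavioral\d+/memory/(?P<pid>\d+)-(?P<idx>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<mrule>\S+)"
    r"|(?P<path>[A-Za-z]:\\\S+)\s+(?P<frule>\S+)"
)

# "Key opened <kernel object path> <process name>"
KEY_RE = re.compile(r"Key opened (\\REGISTRY\\\S+)\s+(\S+)")
HIVE_MAP = {"\\REGISTRY\\MACHINE": "HKLM", "\\REGISTRY\\USER": "HKU"}


def parse_yara_hits(line: str) -> list:
    """Split a flattened yara_rule row into structured hits, preserving order."""
    hits = []
    for m in TOKEN_RE.finditer(line):
        if m.group("pid"):
            hits.append(YaraHit(rule=m.group("mrule"), kind="memory",
                                pid=int(m.group("pid")), dump_index=int(m.group("idx")),
                                start=int(m.group("start"), 16), end=int(m.group("end"), 16)))
        else:
            hits.append(YaraHit(rule=m.group("frule"), kind="file", path=m.group("path")))
    return hits


def parse_key_opened(line: str):
    """Return (hive-style key path, process name) or None if the line is not a Key opened IoC."""
    m = KEY_RE.search(line)
    if not m:
        return None
    key, proc = m.group(1), m.group(2)
    for prefix, hive in HIVE_MAP.items():
        if key.upper().startswith(prefix):
            key = hive + key[len(prefix):]
            break
    return key, proc


def triage(yara_line: str, key_line: str, size_on_disk: int) -> dict:
    """Summarise both signature tables into one record for a triage note."""
    hits = parse_yara_hits(yara_line)
    mem = [h for h in hits if h.kind == "memory" and h.rule == "upx"]
    files = [h for h in hits if h.kind == "file" and h.rule == "upx"]
    key = parse_key_opened(key_line)
    return {
        "pids": sorted({h.pid for h in mem}),
        "dump_indices": [h.dump_index for h in mem],
        # Mapped image range; a PE's virtual size normally exceeds its file size,
        # so this alone does not prove unpacking (see the note after the block).
        "image_range_size": max((h.size for h in mem), default=0),
        "size_on_disk": size_on_disk,
        "upx_files": [h.path for h in files],
        "lang_key": key[0] if key else None,
        "lang_key_process": key[1] if key else None,
        "lang_discovery": key is not None and key[0].upper().endswith("\\NLS\\LANGUAGE"),
    }


if __name__ == "__main__":
    for k, v in triage(UPX_LINE, KEY_LINE, SAMPLE_SIZE_ON_DISK).items():
        print(f"{k}: {v}")
```

Running it reports pid 2260, dump indices 0, 1, 5, 12 and 22, a mapped range of 0x2A000 bytes at base 0x400000, the executable under %TEMP%, and the key as HKLM\SYSTEM\ControlSet001\Control\NLS\Language. The range exceeding the 83KB on-disk size is expected for any mapped PE and is not by itself evidence of unpacking; the useful signal is that the same rule fires at the same base across every dump and on the file in %TEMP%.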
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 83KB
MD5: d82febc89f550cf450f2c7538229f740
SHA1: b392362fbb325d4172f64e6abc05e23d683a6e8a
SHA256: 7406382636add9d9ae8687da0a17378e7af6d14f0cc13899f70ea4f2f14c3aaf
SHA512: da83730cdd4366c95309ea3dd54b595b46781f51bdcd0381e9c0725d0e47df4db8115006369ae58f9cb6b459dc7c3bf06be74823c5493eccb9dee1c35649ed30

This file has the same 83KB size as the submitted sample but different hashes, so it is not a byte-identical copy of it.