Analysis

  • max time kernel
    110s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/11/2024, 06:54

General

  • Target

    de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe

  • Size

    83KB

  • MD5

    86350fa06317ecbb35dcf67bf46e2820

  • SHA1

    bd7b4e24d635317ba302b188e6be523346ddeff0

  • SHA256

    de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414d

  • SHA512

    f77f39735a4a3d372a4735cf2ae0854a953f432465dca4737233fbe0f4604859214657f64443e8f24a557a62819f76af6f07f61454ee9753d7e8b492f2e6fa8d

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+8K:LJ0TAz6Mte4A+aaZx8EnCGVu8

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe
    "C:\Users\Admin\AppData\Local\Temp\de2b9d2df0e8d929a7591194e7dee838e97baffed86b27e7f32deb86c942414dN.exe"
    1
    • System Location Discovery: System Language Discovery
    PID:816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-FiEfWcXuJ8XDOTmO.exe

    Filesize

    83KB

    MD5

    0dd54c37f76f730a86c03938f12d697f

    SHA1

    3fccd22d5637fb7b777f670d2423ed30acdd0880

    SHA256

    fd097f4119189d5bfe34f08ba83485be475a3ed44d1c6ce88849f13421e22c0d

    SHA512

    5ab55d604040eee7188af684b129451b5a550b897b0b3fe48a8811937d6f96319c9e1574787c63733afcf40378310df72ae3fdf300a5486a0ab4e110f376b6e2

  • memory/816-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/816-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/816-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/816-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/816-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB