Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    10/11/2024, 06:56

General

  • Target

    bb5ef9a12945705fb09aa9242da4b93bba5ceefaa54a000ed87d8cac84e39e3cN.exe

  • Size

    83KB

  • MD5

    f306b6137e63a928dc1066c7a5d84740

  • SHA1

    663b30f96491d9a1991acbad72ca8a6e99e4d979

  • SHA256

    bb5ef9a12945705fb09aa9242da4b93bba5ceefaa54a000ed87d8cac84e39e3c

  • SHA512

    2c5a37b6e06ac88e74fe7e3f11d3106c232c1cb8384eb630bdfc45306bb5bc85940a8e1420f4eff98c8b0f569d113cd74a0a01f393fbab540f02f8b3f3e4233b

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+fK:LJ0TAz6Mte4A+aaZx8EnCGVuf

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb5ef9a12945705fb09aa9242da4b93bba5ceefaa54a000ed87d8cac84e39e3cN.exe
    "C:\Users\Admin\AppData\Local\Temp\bb5ef9a12945705fb09aa9242da4b93bba5ceefaa54a000ed87d8cac84e39e3cN.exe"
    • System Location Discovery: System Language Discovery
    PID:1560

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-ODtvYI7fZcoIQiPL.exe

    Filesize

    83KB

    MD5

    25eca16931faf3f1b45ca8124beed782

    SHA1

    5f8381ac5e6340df0d1beb732a6cf10d16b61dd8

    SHA256

    24e948283b6872a60a7b707a92aa00a9d5b157c4cbfc39f3dc3f30ab4a62ee5e

    SHA512

    8ad4c7c1d3687fcfc28e47084a89516a37005ec399e6660b4cdb0781d05e9447c04b48e47a8a244e878da86628246900d388d78cd73d76c35b354a2040da83cc

  • memory/1560-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1560-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1560-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1560-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1560-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB