Analysis

  • max time kernel
    119s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    10/11/2024, 07:02

General

  • Target

    3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe

  • Size

    83KB

  • MD5

    028de53b02c6a02adcf7e5e271e9be60

  • SHA1

    59a9b72cfcec93972a99fc3491ca722c5c3485b9

  • SHA256

    3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbdd

  • SHA512

    8cd7bc887e4bef62911a5eae09e8e0d23a92ce8f310017f46ab16fd41a19d28121a20fbdf0e993f25a12952ec69ff8443a34e97c0d7a74372625e3c0750949dd

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+IK:LJ0TAz6Mte4A+aaZx8EnCGVuI

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe
    "C:\Users\Admin\AppData\Local\Temp\3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe"
    • System Location Discovery: System Language Discovery
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-QmXph8l2omtWvF7P.exe

    Filesize

    83KB

    MD5

    7e6126a7ca0a1ece1063212fa43ded51

    SHA1

    d8ba9c3970ee46c48efeb2a032af1ed4bf89e52c

    SHA256

    f2fd0a28c539341903f6bb29c54f90e33a364c3e729c1d46112d2d77fa626644

    SHA512

    e5008bb45f4e32ffaafe4f029d21ea2ebeb744a4ccde45585870688788825ebda69d8a6502d4d13d7edd6b268d8f4535fc298fbec4fa278e64bd5e872fe218e0

  • memory/1172-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1172-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1172-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1172-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1172-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB