Analysis

  • max time kernel
    111s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/11/2024, 07:02

General

  • Target

    3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe

  • Size

    83KB

  • MD5

    028de53b02c6a02adcf7e5e271e9be60

  • SHA1

    59a9b72cfcec93972a99fc3491ca722c5c3485b9

  • SHA256

    3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbdd

  • SHA512

    8cd7bc887e4bef62911a5eae09e8e0d23a92ce8f310017f46ab16fd41a19d28121a20fbdf0e993f25a12952ec69ff8443a34e97c0d7a74372625e3c0750949dd

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+IK:LJ0TAz6Mte4A+aaZx8EnCGVuI

Score
5/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe
    "C:\Users\Admin\AppData\Local\Temp\3027b835cec63c695521a549b990e340fb909b97098a44fe58b2bb22aab9bbddN.exe"
    • System Location Discovery: System Language Discovery
    PID:3480

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-3Irn7Cls7wxL8FcU.exe

    Filesize

    83KB

    MD5

    7fba58fbc59c3720574710fb3a601ec2

    SHA1

    04bf9de94ba9ef688c728a132e337b7c7b9b7f2b

    SHA256

    1088b5d1e70e9e81fa05d4ef91d9f35554e74b9f8b99d430c08d67030ed9c267

    SHA512

    0f039d22dd85605bc0db986770158bddc868f2dc31a4b24e114fceae2b423498220d5e070621acc9d1fefd9030eddb5dca28049ba1400d0c8840ac2b4292a460

  • memory/3480-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3480-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3480-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3480-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3480-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/3480-21-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB