Analysis

  • max time kernel
    111s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/11/2024, 08:34

General

  • Target

    1f107e0d26e48ee0f32fcd082dc4fb5cfef634a7535d509998946a4ca7181767N.exe

  • Size

    83KB

  • MD5

    0763061c9fdd90a535ed0f36b80c91c0

  • SHA1

    111f17947a19b8a98ab8f62631791bebf77c073e

  • SHA256

    1f107e0d26e48ee0f32fcd082dc4fb5cfef634a7535d509998946a4ca7181767

  • SHA512

    f7d30f2b873edf04adfbefa67060d000ce4ffc829f8ce2339d739e8206fb4be3b9a71fbee0ee29043903dec44e64fb1f586360810c0ef454333f01ccb4bcf817

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+/K:LJ0TAz6Mte4A+aaZx8EnCGVu/

Score
5/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f107e0d26e48ee0f32fcd082dc4fb5cfef634a7535d509998946a4ca7181767N.exe
    "C:\Users\Admin\AppData\Local\Temp\1f107e0d26e48ee0f32fcd082dc4fb5cfef634a7535d509998946a4ca7181767N.exe"
    • System Location Discovery: System Language Discovery
    PID:1096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-QiyVzg1PCbIQa4uA.exe

    Filesize

    83KB

    MD5

    b9834c7b3b1f761c5c26599a436b8ad4

    SHA1

    c9307d0f79165d10ee83d7dc2bb723dd626ba6c8

    SHA256

    7e369821cb2141f0fe4f4f16a45839d723778b4919b5169d6b8992abb93a1918

    SHA512

    060fee7b28deb29829911e200dadc51b0e3634e0ff8a21fa93c9715a9997ae237455f0158e56014714605b51e87a232fc8d329cbb72048ab2717cb0987cab320

  • memory/1096-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-19-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB