Analysis

  • max time kernel
    111s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/11/2024, 08:34

General

  • Target

    8893c09953272f3fb4f814151d81502a51f2448cc96de15d9e88161c86d2cd1eN.exe

  • Size

    83KB

  • MD5

    38e2412de54ec43b29d5ebe06a2f5b10

  • SHA1

    c620eb1a2b41fc971d549db7c66aff0105f9c4ad

  • SHA256

    8893c09953272f3fb4f814151d81502a51f2448cc96de15d9e88161c86d2cd1e

  • SHA512

    e66b1dd214ad385a527d262b82b681492bd3b9bd043e052aa014e2697ccead3fcae83590edd3c92529651c555b79b22ed3574f12cd1e9b089c60ae14282d43ce

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+DK:LJ0TAz6Mte4A+aaZx8EnCGVuD

Score
5/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8893c09953272f3fb4f814151d81502a51f2448cc96de15d9e88161c86d2cd1eN.exe
    "C:\Users\Admin\AppData\Local\Temp\8893c09953272f3fb4f814151d81502a51f2448cc96de15d9e88161c86d2cd1eN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-yV1GDsJQIK3S6itM.exe

    Filesize

    83KB

    MD5

    947d8b7f159714848a56bfedb93ccc04

    SHA1

    27fb782f04357f9e4fe95bf57337805790efda35

    SHA256

    f5d59daeb7ba8a204a5c0e321a5b9b3070664c768c995fac99e4f266334d7555

    SHA512

    bed88f3f247ec338afd76cfc9bae6d6bb99f1304bde68acd660313b81ae1c24997ae7bb253150144f028f80695d97adabecf3807d92a55d4cbc4848dd7bcc775

  • memory/2004-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2004-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2004-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2004-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2004-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2004-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB