Analysis

  • max time kernel
    110s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/11/2024, 08:48

General

  • Target

    d55a421b4402512c208aa8ecf811f2e42e773c67412c54ae74deaae370b8ee95N.exe

  • Size

    83KB

  • MD5

    52a4f9a66fcd131f6e171385d9b82010

  • SHA1

    a111311c4af91104e78b264346548d16ed34ca18

  • SHA256

    d55a421b4402512c208aa8ecf811f2e42e773c67412c54ae74deaae370b8ee95

  • SHA512

    4dcde024361c862a67a5b361faf922dca88709afad4dab67fc529dfe28aa4f51a7d9232841e12885b8e9a92ad030356ccdb7ab40c8f000f7618957487a7fec95

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+fK:LJ0TAz6Mte4A+aaZx8EnCGVuf

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d55a421b4402512c208aa8ecf811f2e42e773c67412c54ae74deaae370b8ee95N.exe
    "C:\Users\Admin\AppData\Local\Temp\d55a421b4402512c208aa8ecf811f2e42e773c67412c54ae74deaae370b8ee95N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-rztzx2noVmEXOHU0.exe

    Filesize

    83KB

    MD5

    43e76fc1b821d705e41a8d63e45cbf66

    SHA1

    041f11ce931a9139060af16078bb1043cd45b727

    SHA256

    e055166b3e8159c7f9a05e2acbfe318b56c2b62c7c043c6d69222840125dacac

    SHA512

    aef26cd6c035543288054460422e1549de9cac5a816eecce676890aff91646e20fae3d6140f8b7f5b84e2e095d2c4d8584b59b13cdca7317abec00754bfb251b

  • memory/1236-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1236-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1236-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1236-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1236-21-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB