d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4N.exe
Size

236KB
MD5

2a44ed8d51bf8c31e9c78313a09f8780
SHA1

4cb949fc403789b5694cea8829006912a676f0a8
SHA256

d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4
SHA512

087aec5a2922cee6a6c534ce13c9c9df05b4b0cd8e8061055e4680b561fa9ecb1759119b31db5f3d377255d2bdeeeff139d9bf0249b2c18f1c7222910cf27e57
SSDEEP

3072:zJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/y/FnncroP9:1wDeM7iNEkgiOb31k1ECkJ/F

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4132-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/4132-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/files/0x000b000000023b7f-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4N.exe

C:\Users\Admin\AppData\Local\Temp\d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4N.exe
"C:\Users\Admin\AppData\Local\Temp\d12f993350cec9b72206b960e5d9cb2cc8799977b823f842d7fa9ce15178f4b4N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-xI6RW1oOwCwwClZl.exe

Filesize
236KB

MD5
222bd10647f653be382463abf2264780

SHA1
c55cfbbd3ca1e197d73a886c3d210930b9aa3645

SHA256
1d4705725a106f1c7e2dab1ab2ee160fbde89d408bb61092afffcf570cf03e50

SHA512
a7fd14e433f7030319e6ec226b8b8a044e96e2d04a9040f242e4c0bea40e9180b3157d979253e9ed34f4a22bb6e15f43f3428ee9dc0ca696b5a063ce835ee1e5

Download Submit
memory/4132-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4132-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download