f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0N.exe
Size

83KB
MD5

aaa04620439f80fd51fd274960c04720
SHA1

c7f8d9cf4dc3bd7f5b5618bef65adfd904eb507d
SHA256

f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0
SHA512

7dd8d40b2e86c11584fcbb8cd85e0ea8811ca35c16ce729162bfc9d86dd4721e16905e4cf0e33342a4480cdd38c1a765347f73c44e0349df9be494b7ee617e77
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+AKe:LJ0TAz6Mte4A+aaZx8EnCGVuAX

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2720-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2720-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2720-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x00080000000120fb-12.dat	upx
behavioral1/memory/2720-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2720-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0N.exe

C:\Users\Admin\AppData\Local\Temp\f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0N.exe
"C:\Users\Admin\AppData\Local\Temp\f8fe3d9584b1b8e14109702b9bbdd08e322a1ba33ea40c9c142e80153dfba0b0N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-xXK9EV6JPXf9eNC3.exe

Filesize
83KB

MD5
5e9fd02c5a221392adc4d76cb9a8df4b

SHA1
d41bdcdbcca379ccc97bc8f39061aff0ab0e441d

SHA256
e6689162ce9db61ba7e5fc682332b87dfdf9899a929c7c1bb57df3ef43de9c6f

SHA512
d4f9d53ed6d572421a37331e3fef8c39e0cf949c1fcee1a7105200af93bfd585b5f6ed9ba11f4c529808a3f30cca60d9380ae9d6de6a029be33857ac467490f3

Download Submit
memory/2720-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download