faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8a

Analysis

max time kernel
111s
max time network
96s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8aN.exe
Size

83KB
MD5

e4a89021ab8c5bf065aa709180d97800
SHA1

fe33634be315726ad9b4450bcfe07061b8093d72
SHA256

faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8a
SHA512

4c72a900d160cde7368c465007ab00646245f45a2e2fd85b713f86a8251cb79086de4ec83ec0617b436e0d125e132a292dd9c8e5872009715d85c0f6cf66d75c
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+CK:LJ0TAz6Mte4A+aaZx8EnCGVuC

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1656-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1656-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000018334-12.dat	upx
behavioral1/memory/1656-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1656-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8aN.exe

C:\Users\Admin\AppData\Local\Temp\faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8aN.exe
"C:\Users\Admin\AppData\Local\Temp\faf79891c488579eb84268abf56e2154e6e292653310e590891cc6070677fe8aN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-54bQIoLttph5mk81.exe

Filesize
83KB

MD5
1fccab5fcb5402b00c2e3b5a22d7773e

SHA1
3da566d64fd9e5a793b29c9717734894f146d102

SHA256
0c98b469412fa3921b72defc383ad4a73ca6e0d1fd9fa2f5f367817d0e457e8d

SHA512
daced81a43be1d515870f36afcfd2ca19c0d860775c6433bd7f3fd307efd34385c05cb5b8b92deb139705ea0d76b3a195ab965e00b3659713f63338d8c5f57fe

Download Submit
memory/1656-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1656-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1656-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1656-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1656-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download