f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0f

Analysis

max time kernel
111s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0fN.exe
Size

83KB
MD5

945d50c36cb672eccb0012ab5b363170
SHA1

41b23e4d242de4c494db7f74fb9cc48152193973
SHA256

f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0f
SHA512

06de797377bd7fd2433c970d39b8318ae370cbe9bdbc1eaf89b5a9ddd8ab0d0755a6a949f546c3f3fba0bc7e97e75bade19292d5cdc29e358b0d5f6b5396b93c
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+YK:LJ0TAz6Mte4A+aaZx8EnCGVuY

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3704-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3704-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3704-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3704-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000b000000023b8d-12.dat	upx
behavioral2/memory/3704-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3704-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0fN.exe

C:\Users\Admin\AppData\Local\Temp\f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0fN.exe
"C:\Users\Admin\AppData\Local\Temp\f79ddcd51b91ac33e324f4ad30f9193fa7450f1e4081f8903b301ec18b74ff0fN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-JmaxXUwWoAZowMnf.exe

Filesize
83KB

MD5
36ab80dcd59171ef0549c32e874665a1

SHA1
b9f7135c1e4b61ad3a30cc815f9f2c563bd7c411

SHA256
b3ec1b7d06f951ef2386b5bb529ef498c45980d2fb2295195bd9b4ac6fd85cc9

SHA512
e95cd7767ed416fe935520fcb7849bc813b23e97df72487a7818eef650da023d2e2b850c4d450e3041ce52c96155e06d0f03f0a0befebceb28242df95338a6df

Download Submit
memory/3704-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3704-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download