e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8

Analysis

max time kernel
120s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8.exe
Size

83KB
MD5

fb1e97c5ea6b7bf5e4f89a953b9b3914
SHA1

b5d34b1e46083339a3b091585e92d33a8377332f
SHA256

e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8
SHA512

159d705daefea2e551730d4217cffc3f141e7425654dc6e4458b4f8ca722a77eea0b44c4c33be935e180de54f8dfe85c3eefa5bc698bf6499f8d867421f1aa0f
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+MPKO:LJ0TAz6Mte4A+aaZx8EnCGVuUP

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1216-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1216-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1216-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000b000000023b8d-12.dat	upx
behavioral2/memory/1216-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1216-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8.exe

C:\Users\Admin\AppData\Local\Temp\e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8.exe
"C:\Users\Admin\AppData\Local\Temp\e6a987f603a2cb6000b2cc857ec8113fd319785df833adcbdd7b94dc299eaca8.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-R8htaruKJT6fgA0U.exe

Filesize
83KB

MD5
78bb4a7c9161a719df3fbcbbd5c78e2e

SHA1
c1b4400a67b46a074aa3804b571e9f2e8799f7c0

SHA256
fde934bd449ca6ed082a4f66aa967c05eb075776245965d3ba79b30bd3e7ad7f

SHA512
ebacd5650b4555f65951a75f6f040414c1197c46bd92af94904a29c44a025132e60ba5f3ad2e9d940bc25af3a0e89eefc04390feb32fe4d281f0d8388a227728

Download Submit
memory/1216-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1216-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download