5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682

Analysis

max time kernel
110s
max time network
93s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682.exe
Size

83KB
MD5

e9cd52cabff406392018dc773a85d9a9
SHA1

627480dca213c6d667ff9b7ecb6cba8f6a1ef700
SHA256

5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682
SHA512

da98a17a596158d8ab2b9a028302f04b58495fff79489a3b980d80172f0a21a9cb911cfaa1910791b4551355e61167701876fc57b9ba8f9f82995b3b9faff266
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+FKO:LJ0TAz6Mte4A+aaZx8EnCGVuFv

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2316-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/2316-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682.exe

C:\Users\Admin\AppData\Local\Temp\5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682.exe
"C:\Users\Admin\AppData\Local\Temp\5219675729b67cfa971d8c97d3bd074b99e6f8a84ea68ac255c6a3fb7ded8682.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-gIWnpc0zaeXIcYgh.exe

Filesize
83KB

MD5
f1845eb53a1a99bb805dde18b466b2aa

SHA1
50de9e51d9c66df588a15d616c0364d36d9d50ef

SHA256
d897886abb270ccbe9adb32daeaec1fdbeb88130c14bf67496a69245b975c2a5

SHA512
7ab4a8dd81df076b5c8970ffb2a6b4f690c7d899a59d5dba7cb6dd05400cffb9f81f039392f998d2fe92c73d45b4e5642b745504b2f4711c7a2c7f69fde810ff

Download Submit
memory/2316-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2316-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2316-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2316-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2316-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download