Analysis

  • max time kernel
    110s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    20/11/2024, 03:37

General

  • Target

    b6f27956799b9e5a9bf8a33eaf1c803b76141392c93d12422f87e15766acb8e9N.exe

  • Size

    83KB

  • MD5

    ad9db8a4cb54d0eed71551bbbbd33cb0

  • SHA1

    1aed289d5392e6e16dcce9c34f415ebaf82edfe9

  • SHA256

    b6f27956799b9e5a9bf8a33eaf1c803b76141392c93d12422f87e15766acb8e9

  • SHA512

    8641131a27be1ca46fa64cf2c5f141b491d8529dd0b677454c379bbb21b316ff29ebe2196df9828a6d876d20afb886f036d1b7a81b87bef20e128745965d9920

  • SSDEEP

    1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+qKK:LJ0TAz6Mte4A+aaZx8EnCGVuqB

Score
5/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6f27956799b9e5a9bf8a33eaf1c803b76141392c93d12422f87e15766acb8e9N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6f27956799b9e5a9bf8a33eaf1c803b76141392c93d12422f87e15766acb8e9N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2984

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\rifaien2-6xsRmtGYOGBHiuBj.exe

    Filesize

    83KB

    MD5

    25fc91b123c4cde9675140c44c679f31

    SHA1

    dac2ddd801f7a8c3803399aae5a1c5db18a71b72

    SHA256

    d6892eed96022da69b26ed4a74ceeecdeda022416b8d739b6edbfba2154026db

    SHA512

    f8d46c2a35c5da236bd54014213ad26eeb3510faaa96d15d08887756a61d7b45ce6fe6e7439b84aae1671f80164fcc1c20f143898a248bc7b8ab717fdfd60104

  • memory/2984-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2984-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2984-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2984-14-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2984-22-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB