cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac.exe
Size

83KB
MD5

69cd83501ed300c48550917d29d181b7
SHA1

1f37203fad8c5878d3a259292950d6ec815289d8
SHA256

cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac
SHA512

292998879bd0fd754424e50289c99233814609217bc7b268f51db191512d1011194ce0c91af5767c0cb82414e04fcf3a62468830c8067349f30b0effe918f479
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+rKe:LJ0TAz6Mte4A+aaZx8EnCGVur3

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-12.dat	upx
behavioral1/memory/2532-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2532-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac.exe

C:\Users\Admin\AppData\Local\Temp\cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac.exe
"C:\Users\Admin\AppData\Local\Temp\cc6a857ffda3b4506a5f27dd03526069dbc09ebd79f1ee319aa081b9ec04dcac.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-wKnG4D5PTy4gPahV.exe

Filesize
83KB

MD5
6db03c2633f31223744f54d2b9a463ce

SHA1
cb736c68a487eb138bc29bc390b5184547bfc639

SHA256
1de8bfce34625588324e99b46364a4af8a9ae964d8da848ad6df30b6b8ab91a4

SHA512
1e71064f47768c9dab1b6a87def4788a632793974ca87054cc9161bcac207334030a9a22f1657a711f4f7c7fd6ad833918ab99defaed779fb005c329b136dbad

Download Submit
memory/2532-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2532-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download