e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a.exe
Size

83KB
MD5

be95c8908e278aa72ce68561f1b6624a
SHA1

050c1b8ad4f348ce720eee329dd7fd28ae410c9d
SHA256

e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a
SHA512

c0eae7c80d1541ed33fa7437ab8a95b7730c818d364efe475252fc8bfd9abd5eed10603ed33860868ce5e62f751ab7eaae9b1f5e00e8ef3ff39ec9ec096d7cde
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+8Kq:LJ0TAz6Mte4A+aaZx8EnCGVu8l

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/928-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/928-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/928-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0008000000023cad-12.dat	upx
behavioral2/memory/928-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/928-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a.exe

C:\Users\Admin\AppData\Local\Temp\e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a.exe
"C:\Users\Admin\AppData\Local\Temp\e29b35b54006e645109455830fe65092db5b2a9895c3d197c8c477b9bfc73c1a.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-H0jp5JcyPZnf4Tf2.exe

Filesize
83KB

MD5
e02cbef2401775572b068516b4b6e706

SHA1
55a1a77bf03fb36f65cac8aa92efc9a5bb2110d0

SHA256
10c195a058e6ec3d1dadc4370ef4592fe2f0afaa2144c7cca2bd3812ed48f102

SHA512
0c3426976b74a36bf1c2420a155ff7806b95af986b885c1f30723305ecf015fdf892c61cc0282a6fedeeff69a22a51b0e8ca3d9553f976b905f69a7c3a4f17ae

Download Submit
memory/928-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/928-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/928-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/928-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/928-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download