1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199c

Analysis

max time kernel
110s
max time network
95s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199cN.exe
Size

83KB
MD5

3f7d9c8dfd95faf3490ba36ead43b400
SHA1

857b7d3a3168d919a83febbc227e0640cb80c7fc
SHA256

1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199c
SHA512

44dd15954381e261ce6e08b387e2834bab6afc20717c20b75d1e466013e4660df21b022dc532065e4778436bb2a5ecab4f6c234eeb14b114bbf71d992003f417
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+5KO:LJ0TAz6Mte4A+aaZx8EnCGVu5H

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-11-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-12.dat	upx
behavioral1/memory/2432-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199cN.exe

C:\Users\Admin\AppData\Local\Temp\1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199cN.exe
"C:\Users\Admin\AppData\Local\Temp\1a8a4f50591b3e3fd553d2b091d10e70f85de10e6a891416de02599715fd199cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-zb4wMACnKQd0TK0Y.exe

Filesize
83KB

MD5
88599cbeb3ca1ba377943a4e5a48ec08

SHA1
8c0d37ffb59c7a3794fd81e3c27f3f1b762611f8

SHA256
bcda158b69f307186d691ef5fa37896f47b1ff0d2a3077cc336b2435ba03971c

SHA512
922948f2fa70695acf130d96aa917e1622c9320b719bef4fc3d936795dfd4e44d3ec711c82d301afd6d7e1be4a0be1a41afe5eaaa445b768a985db3d757e83d7

Download Submit
memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download