b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502N.exe
Size

83KB
MD5

07abfaadcc7b06822cca62fdd4404aa0
SHA1

3306374f7aec6af7ae2bdfc2e1f4ffee7a07116a
SHA256

b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502
SHA512

65397475df1bfc7f1b06b32666c36f8eb0b9fd147149859fb30002c06e6a4d3a8372bd57203324506489ebe44d0183f24465d6b548d799839a6fce00dae9c5cc
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+UK+:LJ0TAz6Mte4A+aaZx8EnCGVuUn

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3092-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3092-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3092-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3092-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0008000000023cad-12.dat	upx
behavioral2/memory/3092-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3092-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502N.exe

C:\Users\Admin\AppData\Local\Temp\b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502N.exe
"C:\Users\Admin\AppData\Local\Temp\b333cef5a5ae6bc35db1226808534b72363f67e7f75aa0f04a3675c44f3d1502N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-A57ddXrn5woqKLOm.exe

Filesize
83KB

MD5
a18d397acf5ec45033495d5a27da526d

SHA1
8219b6d3ce19a9a3bf4a740cab27fe864036c5dc

SHA256
df1ba06538a866d74f4b66cbff6f11eae7871c595e882204b1bd9fb623f9063c

SHA512
e725a84358ae484999bcfa3f8ec31e31718e5d2a9acc83946b7c692b5eede558a4125e0f9585cb6a8187c5b7914c478070aa665ba338a1947c31310686ac3701

Download Submit
memory/3092-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3092-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3092-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3092-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3092-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3092-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download