00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13

Analysis

max time kernel
110s
max time network
91s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13.exe
Size

83KB
MD5

32a261fa292bda96d9493b39ef9ccf47
SHA1

1e8df9cb2bdf39e1fe425139259d2a1bb671e3db
SHA256

00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13
SHA512

b260f5864da7335f4af3d6bc8ae3262cc45184c5af5aa1d663e56974f873d41c8f0208b8fbd3aac09ddf4311fc12bed5f873e43a8dfe311875423aa9939b56a4
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+zKP:LJ0TAz6Mte4A+aaZx8EnCGVuzi

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2088-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2088-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000013d08-12.dat	upx
behavioral1/memory/2088-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2088-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13.exe

C:\Users\Admin\AppData\Local\Temp\00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13.exe
"C:\Users\Admin\AppData\Local\Temp\00d69c897cb51d996fe224f554023487920b90b690901b391720fd5df6fbbd13.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-5ndc7swopmBHwVLI.exe

Filesize
83KB

MD5
c8233f1d811d69d2c15701c7342355a8

SHA1
c1f78f5a91ee0712670402cd6e2f62f2d9b27a69

SHA256
dc682cf8e74c8e8814bd773cabf2da886f66026d48addb6bea32dc86ca61ff26

SHA512
d9fd7f296da8aaaa47a3066368390202a41fcedf541a1a8cc7bb85f9050570ef5a0dc49e7aa5be4323fd916e9d9c8fc1632cceb5d7b36d981ae90ea13d9695ea

Download Submit
memory/2088-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2088-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2088-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2088-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2088-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download