9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9

Analysis

max time kernel
111s
max time network
96s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe
Size

83KB
MD5

0e02782fce96d8eec17586d76ef742a0
SHA1

463ba8110cadeb5778de8a06607fc588e54a23e6
SHA256

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9
SHA512

cb99adf4e8824bd1d2f9a4985c2e97b2d5b9ddc2a7c9acea2218942404b86bf24784bbbeac862e546b5ff2ef4240e9ad9d087c27e97d255b49eb9b081d18c1bf
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+iKK:LJ0TAz6Mte4A+aaZx8EnCGVui1

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2124-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2124-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2124-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2124-11-0x0000000000400000-0x000000000042A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\rifaien2-rKp8q2FVPJhue2T0.exe	upx
behavioral1/memory/2124-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2124-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe

C:\Users\Admin\AppData\Local\Temp\9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe
"C:\Users\Admin\AppData\Local\Temp\9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-rKp8q2FVPJhue2T0.exe

Filesize
83KB

MD5
8ca2398769595e9aaf7bbb302b6fb1e0

SHA1
e4aba0a6248fd98f575f5e84b85b73f6c31b39c3

SHA256
6d5845dd7089b4c6f92e04ce0c726a47376cc6db3143a583637b4b9e46a4ad9e

SHA512
eee9069a086c24b01a4671a37e291c050a4fe83e49505ee3d39b8211b8225b83a8b4dcf9269a14441a18c3e04ad0b602fd1e24418611691e1a4789f3d31f8cd9

Download Submit
memory/2124-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2124-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2124-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2124-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2124-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2124-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download