9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9

Analysis

max time kernel
110s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe
Size

83KB
MD5

0e02782fce96d8eec17586d76ef742a0
SHA1

463ba8110cadeb5778de8a06607fc588e54a23e6
SHA256

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9
SHA512

cb99adf4e8824bd1d2f9a4985c2e97b2d5b9ddc2a7c9acea2218942404b86bf24784bbbeac862e546b5ff2ef4240e9ad9d087c27e97d255b49eb9b081d18c1bf
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+iKK:LJ0TAz6Mte4A+aaZx8EnCGVui1

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4280-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4280-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4280-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\rifaien2-X1pOVeUymUrIyHD0.exe	upx
behavioral2/memory/4280-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4280-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe

C:\Users\Admin\AppData\Local\Temp\9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe
"C:\Users\Admin\AppData\Local\Temp\9408f5e068d9896c91957394a30a3890b3707eae2f98c559be5f3fc40fa0e3f9N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-X1pOVeUymUrIyHD0.exe

Filesize
83KB

MD5
9a02f273dcb900b26f379a25e418be6c

SHA1
e873ec51eb9812f61516cc614e7526ceab7fc3b1

SHA256
afbccce676643a03b3b891fd9264012d1a800c46c217c7e33dd41995e49af124

SHA512
6d37b1869c5867107797965c2bbd00ded2466c93c1b2297eaab47b324593fd005e56dfc6dad782a981f7c3429086a87e2d5fe5114184a59e126b7400c27130df

Download Submit
memory/4280-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4280-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4280-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4280-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4280-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download