381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1N.exe
Size

83KB
MD5

87ab70ccc0ae08ad296b83746dd33100
SHA1

37c5ce8a69ab6439554ecbd2783eaea7ac2a702c
SHA256

381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1
SHA512

e02ebdd744713d9dcc70894adb449ab6fb3a58c6633e051a1c7eaa4bbd456697ac047e3b25cdb1cb59df2a4aa5bcb8857d966814dbe55f623cca4281a82e5ae4
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+RKu:LJ0TAz6Mte4A+aaZx8EnCGVuRf

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2092-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2092-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2092-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2092-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2092-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1N.exe

C:\Users\Admin\AppData\Local\Temp\381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1N.exe
"C:\Users\Admin\AppData\Local\Temp\381c071d82388260e73dafe5c4c674c16f6d82178831c8a88e291f5b7beb56e1N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-PaXhZO1E3OvEjDy0.exe

Filesize
83KB

MD5
56e6ead6a2eb1f4dacb9dfc494513691

SHA1
0718384d6a203f89cbe8ca540b7fbc33cf06dd57

SHA256
70d3ebe8f6d65c4060194028cfffea6effa35abc09d448a0758ac5ee3c6c3cc9

SHA512
f1e1b3d6bab85ffa1fe51ab5ee17a9ab2e9b46d808d054fab2b0cfd9640bd09b71c52e628b9a153f76a01c7a51487a2a7d23d8c3f91c1422af881891b8251127

Download Submit
memory/2092-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2092-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2092-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2092-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2092-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download