2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880

Analysis

max time kernel
111s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880N.exe
Size

83KB
MD5

ec47b2e3a439d4b1ba2df376fa7f6350
SHA1

ca00f5f5957901a39933d8a0652b2ac7667a709c
SHA256

2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880
SHA512

a7872cdbec2b637569a758a6a32dc82a1080f25c7d942bb0fb9962cf18bee709fdc3072abc66c61194664485d742753b5c29c886a39b762f2383d602341eab54
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+fKu:LJ0TAz6Mte4A+aaZx8EnCGVuff

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1668-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1668-2-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1668-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1668-9-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x000c000000023b93-13.dat	upx
behavioral2/memory/1668-16-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1668-23-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880N.exe

C:\Users\Admin\AppData\Local\Temp\2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880N.exe
"C:\Users\Admin\AppData\Local\Temp\2283a75d3ab26c435c0924adf7a591067e0f59cf0b39fd646516e94e5c236880N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-Sy8A007GIs7Yhy6O.exe

Filesize
83KB

MD5
590592d57a8428eb52fb8e4edd87ae2b

SHA1
704c15cb9670d891163bd5510e36ff1978363441

SHA256
7ebf01ade95f991b6efb5e7d01d9b4f963bf7bba44c423c5ffa0181c915ffea4

SHA512
f5c8337785ca6b12fbf97e52f4bf0ce7d6b5c1dff93bf942e8c2b53c13062bf3b88065614ff0f124d5d85a9def812aa93f8a9d0678512be27ea0eb66927f69b6

Download Submit
memory/1668-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download