7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740

Analysis

max time kernel
110s
max time network
94s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740N.exe
Size

83KB
MD5

f4d8c596994232a6cdfc8ff1f7bd1030
SHA1

945c428b758637f7d35ee446e385a337a17e69fc
SHA256

7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740
SHA512

974c2d46a5350794c1f68254de1e2d9235a98c6eaca5cffe796a8d4b4310223b51f90ee532bf332c1ef0c3c174f7a9201bb4d0d56b326a1cbcdbc147b0e0c308
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+PK+:LJ0TAz6Mte4A+aaZx8EnCGVuPn

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2236-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2236-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/2236-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2236-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740N.exe

C:\Users\Admin\AppData\Local\Temp\7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740N.exe
"C:\Users\Admin\AppData\Local\Temp\7c075102bb7f8a344ecb6ae224781661ae995bbcb3f6bccf4b43e6f886d3e740N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-I6RApE1AMeQyV0tW.exe

Filesize
83KB

MD5
756c0a19460c65fe7567b8254e59946d

SHA1
e146af6a94f6991a19879fd67e936fb6eefef2dd

SHA256
4b6b550abd9abc6495ba840401a1ebf500f29a2a6f4d6b14c2342e22b06c3275

SHA512
746b0fdf116784223a62baa1e15b484c26071ebeeb24a081b266fdc14548ce0fed07e6b2e4b948714ddf02beb202072beadd9cc1bbac8704fc6a9955839bd632

Download Submit
memory/2236-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2236-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2236-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2236-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2236-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download