f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0

General

Target

f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe
Size

130KB
MD5

63c59b483043c0d4c519310f1c21795d
SHA1

3016f733c8a539e1d82ec31499e885f275eac82d
SHA256

f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0
SHA512

3d4d2e06d36578f83be0909b840ce7c3deba89376e4e5765351c05f7681edeb7ec0904cecfed1ed0c5d31d536957fe64f76936bfecbd558a3f1f4b557567db8e
SSDEEP

1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZB:SKQJcinxphkG5Q6GdpIOkJHhKRyOXK3

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2160-66-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2160-75-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/227940-798925-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/2160-798927-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/files/0x00090000000164b1-798953.dat	upx
behavioral1/memory/116196-798971-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/227940-798975-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/116196-818619-0x0000000000400000-0x0000000000423000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2160	f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe

C:\Users\Admin\AppData\Local\Temp\f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe
"C:\Users\Admin\AppData\Local\Temp\f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2160
- C:\Users\Admin\AppData\Local\Temp\f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe
  "C:\Users\Admin\AppData\Local\Temp\f9740f9ddcff00ced727b4f9dcc3c56bd0315915ed946374bc63567051aaf8c0.exe"
  2⤵
  PID:227940
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\IFNAG.bat" "
    3⤵
    PID:116080
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v ".Flasfh" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe" /f
      4⤵
      PID:116148
- - C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe
    "C:\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe"
    3⤵
    PID:116196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IFNAG.bat

Filesize
145B

MD5
da0cbe87b720a79b294147ed6a4b98be

SHA1
ebf0dc9efd7a12cb192e355cda87546acb4ab360

SHA256
7ccfeff356fdccc9145bd1e263aa1c56360ca7b6552ed5a5665c596d02a627ed

SHA512
f55c4a3d24d2f11db5eda3c816d1cd3b8804a171a7bf715b13d60788247fbb352eafaa5bd4e0a8086c1013396be0a48c7bdb904ab0f974fa0c75e81e3d365acc

Download Submit
\Users\Admin\AppData\Roaming\..Flash\Flaseher.exe

Filesize
130KB

MD5
3ad8e0dd2c44c5c6e41dea8c49b6ea1c

SHA1
dae6d30141e399f0615c92ef76e14ec94c533a87

SHA256
303eb1fe949544cdc8618d0210d970a4c6a858469c65bf07ca1266d74a4a0136

SHA512
016e73e09accf0e4a04a1d7eba494005fe81fb6e9b84740da2ef9c206fe22b70f96119d4c6b016a3078bc431deb5d27517326a19ca53e0da7892faa5edbf94b1

Download Submit
memory/2160-798927-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2160-75-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2160-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2160-50-0x0000000000416000-0x0000000000417000-memory.dmp

Filesize
4KB

Download
memory/2160-41-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2160-21-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2160-66-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2160-9-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2160-798916-0x00000000025A0000-0x00000000025C3000-memory.dmp

Filesize
140KB

Download
memory/2160-11-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2160-52-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2160-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/116196-818619-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/116196-798971-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/227940-818601-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-798969-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-798968-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-798975-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/227940-813586-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-798970-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-818613-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-818607-0x00000000025C0000-0x00000000025E3000-memory.dmp

Filesize
140KB

Download
memory/227940-798925-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing