6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa

Analysis

max time kernel
119s
max time network
91s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe
Size

83KB
MD5

44f8fe23111ce69651a699d3fef4f573
SHA1

a6aaf35356924125cddb9b0566a2c720ee7d7e78
SHA256

6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa
SHA512

1d266d90f7641fd35759cc9436f577cca16001a5410d98605119008fc10eb2c18346992dbd8195909b2ad36eb5cd41b5d1d4e0282b7927f03a1055719993c0ad
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+oKe:LJ0TAz6Mte4A+aaZx8EnCGVuo3

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/768-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/768-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/768-6-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-11.dat	upx
behavioral1/memory/768-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/768-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe

C:\Users\Admin\AppData\Local\Temp\6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe
"C:\Users\Admin\AppData\Local\Temp\6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-DYk7sD5NNobm2VOH.exe

Filesize
83KB

MD5
6d41eb477dcaae48ddf9e32461829c00

SHA1
873392ef6aec3bfdf86a6aaa050133aecc6a7793

SHA256
9d42663e9aa564de595813c09bb5ff6483616e7ef0101c5cdf6f353b745820ab

SHA512
94778f5dba71e35c6b737928b63008d218d9dbcbb36f39217a87c13d4ff932da689c11b1dee1486a18f8c84c54b9e3e95f85984ee53fa710354f29349f64c782

Download Submit
memory/768-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/768-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/768-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/768-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/768-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download