6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa

Analysis

max time kernel
120s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe
Size

83KB
MD5

44f8fe23111ce69651a699d3fef4f573
SHA1

a6aaf35356924125cddb9b0566a2c720ee7d7e78
SHA256

6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa
SHA512

1d266d90f7641fd35759cc9436f577cca16001a5410d98605119008fc10eb2c18346992dbd8195909b2ad36eb5cd41b5d1d4e0282b7927f03a1055719993c0ad
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+oKe:LJ0TAz6Mte4A+aaZx8EnCGVuo3

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3032-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-11-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0008000000023ca1-12.dat	upx
behavioral2/memory/3032-15-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-18-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3032-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe

C:\Users\Admin\AppData\Local\Temp\6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe
"C:\Users\Admin\AppData\Local\Temp\6e5848a813b2c1a50088f4dec0e8f709ae714029ccc3a9666ea3b335ce953dfa.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-45d9kDOLT6Qxxdmj.exe

Filesize
83KB

MD5
30fe2fc6cdf5cc6075dca3b934fa06ed

SHA1
0d0fa81a201b721dbb78f13e96fee9bb1c68cea1

SHA256
09c7ff75ba83a5b817478d517742b7ad95e00493a76d4306f6decf948162a48a

SHA512
e8cba359167e6949c23c2c8a939b120447906dc08958239ffe819889f04b24c3e7f94fe1cc68d8aaa8652ca90fcfc351574cd1f5ed832fb1f82980e73449dd4d

Download Submit
memory/3032-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3032-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download