cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d.exe
Size

83KB
MD5

98ea59a475eb94b45db981bd677b974b
SHA1

7dcc358aa0f140608743baf6db677ace53fd8e80
SHA256

cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d
SHA512

9838543b0bb5d4d9a6848cbfc110007d0e40668e66f40ee43e9da2ca2e0c3266d437e51c35aa8b5873ed0a79d8c4e07117cf039b5d0e961f385b6d33c42ffa04
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+bK:LJ0TAz6Mte4A+aaZx8EnCGVub

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2432-12-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2432-29-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d.exe

C:\Users\Admin\AppData\Local\Temp\cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d.exe
"C:\Users\Admin\AppData\Local\Temp\cf3fd0109f8b6f73d933ef61587710c7fa3ac31af831c257e8273d3dc9c3905d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-udQDyO3E8lNEsdIk.exe

Filesize
83KB

MD5
c4437e2d33282b14bc92104642be0e1c

SHA1
7bf3cb0dbd7f57a8923fb1787f26d7321f5facee

SHA256
e93b2d9d4125b26973d3ad680c486a1d040ee37e478d3ba127a972ad967e57b6

SHA512
48dfc403d5b4d14fbb0ddc9340d4150c86354f367e2812c0f4ee98fadbb10e9fe188898c4de3722df9954490e259ec259e59ed053a0318f886deaa29efa5ad00

Download Submit
memory/2432-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2432-29-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download