5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d

Analysis

max time kernel
92s
max time network
93s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d.exe
Size

236KB
MD5

99536d58d2b671ac7f348c2b085df51b
SHA1

5e177911ad78760ec6281ce03153657dc54c5aa8
SHA256

5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d
SHA512

7667a78dce1f80f3c277105481fbe94c526103c1f123994ae5a9a4df4c7dcb959ffd3cf366c00190651d240ce72033ee79c55bc18d1b194301944391396de708
SSDEEP

3072:xJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/c/FnncroP9v:7wDeM7iNEkgiOb31k1EC6J/Fv

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-0-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/memory/3064-1-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-7.dat	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d.exe

C:\Users\Admin\AppData\Local\Temp\5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d.exe
"C:\Users\Admin\AppData\Local\Temp\5333fed1ecff3d2db7ed40c174679e1840d8bc762dcf5223f5fab793dd57ec2d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-5c19WrRk5Pub3C1U.exe

Filesize
236KB

MD5
0dc206062dab15c3d55fe56c52327b17

SHA1
aa7d2de032b0615180e3de2c558a1e3482918577

SHA256
398552bdb1e250647889323f841d659f241d6112b409fc4c0d2570c594f0ef20

SHA512
889cbb75dac5a82eb22fd63c5da4bdc40913f42fc9df29844ca3ef970eae1d8edb6eaa3e0520821579ed23d36f47da5cd5f5bd4d8d5e78709f74ff7890cef363

Download Submit
memory/3064-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3064-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download