cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0

Analysis

max time kernel
111s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0.exe
Size

83KB
MD5

59b5b085012df243c9e156519743b978
SHA1

6cf004d63e22b9aecfc58eb87faa36c650827eca
SHA256

cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0
SHA512

62ad4942aeaf105e467f3922549b4ae7a8f44e303ccf64980f68df3524566eddaf11a816ea327cc807aff7140b4a3e0ac0c659a831eee31fed88866cb10d47e3
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+mKu:LJ0TAz6Mte4A+aaZx8EnCGVumf

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1600-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1600-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1600-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1600-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0008000000023c88-11.dat	upx
behavioral2/memory/1600-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/1600-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0.exe

C:\Users\Admin\AppData\Local\Temp\cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0.exe
"C:\Users\Admin\AppData\Local\Temp\cb512723599ee561e3a11dc5f2d0f2b870ed0fdca8d6a5d96a3b408cc7291dd0.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-XdMQ0e77sBIDDqXu.exe

Filesize
83KB

MD5
78de2bc947de1310378e1b63e1ded19a

SHA1
0794d2c90eb5cfd26102c69d49c036704ae38a2e

SHA256
fc8bdfda646c8888a89642b6ee2bc60e73d6d0e38ca30895b3e51452baa2fc27

SHA512
928d471d827d8a7930a9a321f336c861b39daf7af279cfe65c399468762266c87ff3689d6e8d39171701beb9aed9a19e19374003fa0669ed9001e95001845925

Download Submit
memory/1600-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1600-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1600-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1600-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1600-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1600-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download