Overview

overview

10

Static

static

10

RCX/RCX.exe

windows7-x64

3

RCX/RCX.exe

windows10-2004-x64

7

RCX/RCX.exe.lnk

windows7-x64

3

RCX/RCX.exe.lnk

windows10-2004-x64

7

RCX/RCX/RCX/RCX.exe

windows7-x64

3

RCX/RCX/RCX/RCX.exe

windows10-2004-x64

3

RCX/RCXDraw.dll

windows7-x64

3

RCX/RCXDraw.dll

windows10-2004-x64

1

RCX/RCXDraw.exe

windows7-x64

1

RCX/RCXDraw.exe

windows10-2004-x64

1

RCX/RCXJPN.dll

windows7-x64

1

RCX/RCXJPN.dll

windows10-2004-x64

1

RCX/trz4A49.exe

windows7-x64

3

RCX/trz4A49.exe

windows10-2004-x64

3

RCX/trz6D30.exe

windows7-x64

3

RCX/trz6D30.exe

windows10-2004-x64

7

RCX/trzBF87.exe

windows7-x64

3

RCX/trzBF87.exe

windows10-2004-x64

7

RCX/trzDBC9.exe

windows7-x64

3

RCX/trzDBC9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 18:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    RCX/RCX.exe.lnk

  • Size

    758B

  • MD5

    0175ab02ca5aee20c22b5dd700d4ae63

  • SHA1

    4bea714d90a0188b060b24c18b896cc76b981903

  • SHA256

    9fc8cb56d3e95a452c1dee688df3e15cca83bcac4029420debda956b0b16a320

  • SHA512

    d09a10d76ab01ca63f85f520ac85e38eca55fb01576687382df5b2baeb4cca5ec0c1fc7a878bf3f94805eec6fed74330732722babca324d177342aa352cc0b8e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RCX\RCX.exe.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Users\Admin\AppData\Local\Temp\RCX\RCX.exe
      "C:\Users\Admin\AppData\Local\Temp\RCX\RCX.exe"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Users\Admin\AppData\Local\Temp\RCX\RCXDraw.exe
        "C:\Users\Admin\AppData\Local\Temp\RCX\RCXDraw.exe"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2832-57-0x0000000010000000-0x00000000103AB000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2832-59-0x0000000010000000-0x00000000103AB000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2864-56-0x0000000000400000-0x0000000000496000-memory.dmp

          Filesize

          600KB

          Download

        • memory/2864-58-0x0000000000400000-0x0000000000496000-memory.dmp

          Filesize

          600KB

          Download