Overview

overview

10

Static

static

10

rmprepusb-2-1-746.exe

windows11-21h2-x64

7

QEMU/StartFromUSB.cmd

windows11-21h2-x64

6

QEMU/cygwin1.dll

windows11-21h2-x64

3

QEMU/makeg...so.cmd

windows11-21h2-x64

1

QEMU/mkisofs.exe

windows11-21h2-x64

1

QEMU/qemu-img.exe

windows11-21h2-x64

7

QEMU/qemu.exe

windows11-21h2-x64

7

QEMU/start_VM.exe

windows11-21h2-x64

1

QEMU/sync.exe

windows11-21h2-x64

6

RMBootSect.exe

windows11-21h2-x64

1

RMPARTUSB.exe

windows11-21h2-x64

1

RMPREPUSB.exe

windows11-21h2-x64

3

SYSLINUX/S...ux.exe

windows11-21h2-x64

1

SYSLINUX/S...ux.exe

windows11-21h2-x64

1

SYSLINUX/S...nu.c32

windows11-21h2-x64

3

SYSLINUX/S...ux.exe

windows11-21h2-x64

1

SYSLINUX/S...nu.c32

windows11-21h2-x64

3

TESTMBR/ReadMe.html

windows11-21h2-x64

1

TESTMBR/makeall.bat

windows11-21h2-x64

1

USB_Disk_Eject.exe

windows11-21h2-x64

7

WINCONTIG/...ig.exe

windows11-21h2-x64

1

WINPE_EXTR...60.dll

windows11-21h2-x64

1

WINPE_EXTR...ve.exe

windows11-21h2-x64

6

Windows_RO.cmd

windows11-21h2-x64

1

cyggcc_s-1.dll

windows11-21h2-x64

1

cygwin1.dll

windows11-21h2-x64

1

grubinst.exe

windows11-21h2-x64

1

rmprepusbxp.cmd

windows11-21h2-x64

1

rmprepusbx...an.cmd

windows11-21h2-x64

1

syslinux.exe

windows11-21h2-x64

1

touchdrv.exe

windows11-21h2-x64

1

weesetup.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    1382s
  • max time network
    1169s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17/05/2024, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rmprepusb-2-1-746.exe

  • Size

    9.5MB

  • MD5

    ecc4ac0de4ba3e1da417671717062bca

  • SHA1

    6d9a42c5a190582bf3ac61c7b33f3eafb953b03c

  • SHA256

    5a94297d0dca8f767865f0d374e4e81fd357f58b5932fe666eed614bcc6026cb

  • SHA512

    7599d01edb9b1bbf205ba15764ca5198d54be34eecd8f3fa824fcfba33f5da5a44b781e4d5a0dffb87488eb403a69f6220cd6a372918fb863aad1ae3261cc6a6

  • SSDEEP

    196608:VrmIUZbYLGWWERnC3xy6LrSfWIbW7AvSDrR+EmggEo39MdSa+PKXlu:Vr5URZ3xy6Xabjy00gIdSa1u

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\rmprepusb-2-1-746.exe
    "C:\Users\Admin\AppData\Local\Temp\rmprepusb-2-1-746.exe"
    1⤵
    • Loads dropped DLL
    PID:3920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsp7939.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    9384f4007c492d4fa040924f31c00166

    SHA1

    aba37faef30d7c445584c688a0b5638f5db31c7b

    SHA256

    60a964095af1be79f6a99b22212fefe2d16f5a0afd7e707d14394e4143e3f4f5

    SHA512

    68f158887e24302673227adffc688fd3edabf097d7f5410f983e06c6b9c7344ca1d8a45c7fa05553adcc5987993df3a298763477168d4842e554c4eb93b9aaaf

    Download Submit