Overview
- overview: 7

Static
- static: 3

Behavioral tasks
- Royal_Tools.rar (windows7-x64): 3
- Royal_Tools.rar (windows10-2004-x64): 3
- Royal Tool...er.exe (windows7-x64): 7
- Royal Tool...er.exe (windows10-2004-x64): 7
- builder.pyc (windows7-x64): 3
- builder.pyc (windows10-2004-x64): 3
- Royal Tool...OS.exe (windows7-x64): 7
- Royal Tool...OS.exe (windows10-2004-x64): 7
- RoyalToolsDDOS.pyc (windows7-x64): 3
- RoyalToolsDDOS.pyc (windows10-2004-x64): 3
- Royal Tool...ns.txt (windows7-x64): 1
- Royal Tool...ns.txt (windows10-2004-x64): 1
- Royal Tools/royal.exe (windows7-x64): 7
- Royal Tools/royal.exe (windows10-2004-x64): 7
- royal.pyc (windows7-x64): 3
- royal.pyc (windows10-2004-x64): 3
- Royal Tools/royal.log (windows7-x64): 1
- Royal Tools/royal.log (windows10-2004-x64): 1

Analysis
- max time kernel: 1561s
- max time network: 1565s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 19-06-2024 00:46

- Behavioral task: behavioral1, Sample: Royal_Tools.rar, Resource: win7-20240611-en
- Behavioral task: behavioral2, Sample: Royal_Tools.rar, Resource: win10v2004-20240611-en
- Behavioral task: behavioral3, Sample: Royal Tools/Royal Grabber.exe, Resource: win7-20231129-en
- Behavioral task: behavioral4, Sample: Royal Tools/Royal Grabber.exe, Resource: win10v2004-20240508-en
- Behavioral task: behavioral5, Sample: builder.pyc, Resource: win7-20240419-en
- Behavioral task: behavioral6, Sample: builder.pyc, Resource: win10v2004-20240508-en
- Behavioral task: behavioral7, Sample: Royal Tools/RoyalToolsDDOS.exe, Resource: win7-20240611-en
- Behavioral task: behavioral8, Sample: Royal Tools/RoyalToolsDDOS.exe, Resource: win10v2004-20240508-en
- Behavioral task: behavioral9, Sample: RoyalToolsDDOS.pyc, Resource: win7-20240220-en
- Behavioral task: behavioral10, Sample: RoyalToolsDDOS.pyc, Resource: win10v2004-20240508-en
- Behavioral task: behavioral11, Sample: Royal Tools/gennedTokens.txt, Resource: win7-20240508-en
- Behavioral task: behavioral12, Sample: Royal Tools/gennedTokens.txt, Resource: win10v2004-20240611-en
- Behavioral task: behavioral13, Sample: Royal Tools/royal.exe, Resource: win7-20240611-en
- Behavioral task: behavioral14, Sample: Royal Tools/royal.exe, Resource: win10v2004-20240611-en
- Behavioral task: behavioral15, Sample: royal.pyc, Resource: win7-20240611-en
- Behavioral task: behavioral16, Sample: royal.pyc, Resource: win10v2004-20240611-en
- Behavioral task: behavioral17, Sample: Royal Tools/royal.log, Resource: win7-20240508-en
- Behavioral task: behavioral18, Sample: Royal Tools/royal.log, Resource: win10v2004-20240508-en

General
- Target: Royal Tools/royal.exe
- Size: 130.6MB
- MD5: 057bf674eb6dc5f743b9fa22802583a3
- SHA1: 6207c2c0d554d1faef6a533658316427261cb05a
- SHA256: db9a1e6f9fce71c1177707ca6d62d34f4786184819deae2bd89474a521aa9314
- SHA512: b7b93cc59fb24a747150241955e9ca2d824064fc1d02f31c6611032ac76677fb3cdd56a151e4d724ea90f4a8d4982e80bdd47366a8f7a2610df30dc1c8224ce8
- SSDEEP: 3145728:Byp52qHO5iVf6gGQ879Pf8M/3ZHNkNLN6zspx7dPf8M/3ZHNkNLN6zspx7I:Bw/HCixuQY9n3P5NSxGwVdn3P5NSxGwW

Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: royal.exe
  pid: 572, process: royal.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: royal.exe
  description: PID 1708 wrote to memory of 572, pid: 1708, process: royal.exe, target process: royal.exe
  description: PID 1708 wrote to memory of 572, pid: 1708, process: royal.exe, target process: royal.exe
  description: PID 1708 wrote to memory of 572, pid: 1708, process: royal.exe, target process: royal.exe

Processes
- C:\Users\Admin\AppData\Local\Temp\Royal Tools\royal.exe
  "C:\Users\Admin\AppData\Local\Temp\Royal Tools\royal.exe"
  PID: 1708
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Royal Tools\royal.exe
    "C:\Users\Admin\AppData\Local\Temp\Royal Tools\royal.exe"
    PID: 572
    - Loads dropped DLL

Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 6.6MB
- MD5: 3c388ce47c0d9117d2a50b3fa5ac981d
- SHA1: 038484ff7460d03d1d36c23f0de4874cbaea2c48
- SHA256: c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
- SHA512: e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35