Overview
overview
7Static
static
3Royal_Tools.rar
windows7-x64
3Royal_Tools.rar
windows10-2004-x64
3Royal Tool...er.exe
windows7-x64
7Royal Tool...er.exe
windows10-2004-x64
7builder.pyc
windows7-x64
3builder.pyc
windows10-2004-x64
3Royal Tool...OS.exe
windows7-x64
7Royal Tool...OS.exe
windows10-2004-x64
7RoyalToolsDDOS.pyc
windows7-x64
3RoyalToolsDDOS.pyc
windows10-2004-x64
3Royal Tool...ns.txt
windows7-x64
1Royal Tool...ns.txt
windows10-2004-x64
1Royal Tools/royal.exe
windows7-x64
7Royal Tools/royal.exe
windows10-2004-x64
7royal.pyc
windows7-x64
3royal.pyc
windows10-2004-x64
3Royal Tools/royal.log
windows7-x64
1Royal Tools/royal.log
windows10-2004-x64
1Analysis
-
max time kernel
1791s -
max time network
1799s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
19-06-2024 00:46
Behavioral task
behavioral1
Sample
Royal_Tools.rar
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Royal_Tools.rar
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Royal Tools/Royal Grabber.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
Royal Tools/Royal Grabber.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
builder.pyc
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
builder.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Royal Tools/RoyalToolsDDOS.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Royal Tools/RoyalToolsDDOS.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
RoyalToolsDDOS.pyc
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
RoyalToolsDDOS.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Royal Tools/gennedTokens.txt
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
Royal Tools/gennedTokens.txt
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Royal Tools/royal.exe
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
Royal Tools/royal.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
royal.pyc
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
royal.pyc
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
Royal Tools/royal.log
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
Royal Tools/royal.log
Resource
win10v2004-20240508-en
General
-
Target
Royal_Tools.rar
-
Size
169.4MB
-
MD5
f2e4261dd244b5cfc825be7a7970610b
-
SHA1
497b74b578ec48d35b87a952a4b457a3ed782c97
-
SHA256
ee591f3c06835c05fa8fdeb6931010e7338a75d76e9aaa799efccbfe5b076142
-
SHA512
bcc6715df31818e07b8e56c37457b5707596f5aee9c0247bd53b7be875ad5c853380c7ab15b9b29d58e2840b8710b535ef2983dacfe8268e4f218f9f12f3a974
-
SSDEEP
3145728:uckdxCDadHRLPFtpmDZnVzHk66B/UI62VN4WxJL2K2M85fuiCu5O1A:SdxCS9Fty1oGIVVNjLRPCOA
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 2176 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Royal_Tools.rar1⤵
- Modifies registry class
PID:856
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1036,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:81⤵PID:2200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:81⤵PID:3396