Analysis

  • max time kernel
    1559s
  • max time network
    1573s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19-06-2024 00:46

General

  • Target

    Royal Tools/RoyalToolsDDOS.exe

  • Size

    11.6MB

  • MD5

    c4885dfba54af1d13b70cb62dcc7204f

  • SHA1

    9b4a33a71a54eaf741dd115a0ea59c8265d811f4

  • SHA256

    433ff9fd6ef9048ad43f8240f23359706ebd53cb36f34f22503d134f7234b8b4

  • SHA512

    287747a3ad4e2caf0ad929872c7c96a047d35e342bfb48f022b6b3d6c3e3e3756853e7abec22d5e6110cb3f4c1a9db524f15deec7a97ade44af6221ddf70e029

  • SSDEEP

    196608:nnQEXGn3gBFngPpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdyluEmQM/+c:Q1gBFngP8AxYDX1+TtIiFPY9Z8D8Ccly

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe
    "C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe
      "C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe"
      2⤵
      • Loads dropped DLL
      PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI24122\python312.dll

    Filesize

    6.6MB

    MD5

    3c388ce47c0d9117d2a50b3fa5ac981d

    SHA1

    038484ff7460d03d1d36c23f0de4874cbaea2c48

    SHA256

    c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

    SHA512

    e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35