Overview

Overall score: 7

Per-sample scores across the submission (each sample was run on windows7-x64 and windows10-2004-x64; truncated names are as shown in the report):

Static: 3
Royal_Tools.rar: windows7-x64 3, windows10-2004-x64 3
Royal Tool...er.exe: windows7-x64 7, windows10-2004-x64 7
builder.pyc: windows7-x64 3, windows10-2004-x64 3
Royal Tool...OS.exe: windows7-x64 7, windows10-2004-x64 7
RoyalToolsDDOS.pyc: windows7-x64 3, windows10-2004-x64 3
Royal Tool...ns.txt: windows7-x64 1, windows10-2004-x64 1
Royal Tools/royal.exe: windows7-x64 7, windows10-2004-x64 7
royal.pyc: windows7-x64 3, windows10-2004-x64 3
Royal Tools/royal.log: windows7-x64 1, windows10-2004-x64 1

Analysis
max time kernel: 1559s
max time network: 1573s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 19-06-2024 00:46
Behavioral tasks (task: sample, resource). This page is the report for behavioral7 (Royal Tools/RoyalToolsDDOS.exe on win7-20240611-en).

behavioral1: Royal_Tools.rar, win7-20240611-en
behavioral2: Royal_Tools.rar, win10v2004-20240611-en
behavioral3: Royal Tools/Royal Grabber.exe, win7-20231129-en
behavioral4: Royal Tools/Royal Grabber.exe, win10v2004-20240508-en
behavioral5: builder.pyc, win7-20240419-en
behavioral6: builder.pyc, win10v2004-20240508-en
behavioral7: Royal Tools/RoyalToolsDDOS.exe, win7-20240611-en
behavioral8: Royal Tools/RoyalToolsDDOS.exe, win10v2004-20240508-en
behavioral9: RoyalToolsDDOS.pyc, win7-20240220-en
behavioral10: RoyalToolsDDOS.pyc, win10v2004-20240508-en
behavioral11: Royal Tools/gennedTokens.txt, win7-20240508-en
behavioral12: Royal Tools/gennedTokens.txt, win10v2004-20240611-en
behavioral13: Royal Tools/royal.exe, win7-20240611-en
behavioral14: Royal Tools/royal.exe, win10v2004-20240611-en
behavioral15: royal.pyc, win7-20240611-en
behavioral16: royal.pyc, win10v2004-20240611-en
behavioral17: Royal Tools/royal.log, win7-20240508-en
behavioral18: Royal Tools/royal.log, win10v2004-20240508-en
General

Target: Royal Tools/RoyalToolsDDOS.exe
Size: 11.6MB
MD5: c4885dfba54af1d13b70cb62dcc7204f
SHA1: 9b4a33a71a54eaf741dd115a0ea59c8265d811f4
SHA256: 433ff9fd6ef9048ad43f8240f23359706ebd53cb36f34f22503d134f7234b8b4
SHA512: 287747a3ad4e2caf0ad929872c7c96a047d35e342bfb48f022b6b3d6c3e3e3756853e7abec22d5e6110cb3f4c1a9db524f15deec7a97ade44af6221ddf70e029
SSDEEP: 196608:nnQEXGn3gBFngPpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdyluEmQM/+c:Q1gBFngP8AxYDX1+TtIiFPY9Z8D8Ccly
Malware Config
Signatures

Loads dropped DLL (1 IoC)
  process: RoyalToolsDDOS.exe, PID 2712

Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2412 (RoyalToolsDDOS.exe) wrote to memory of PID 2712 (RoyalToolsDDOS.exe); the same parent-to-child write is recorded three times
Processes

1. C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe (PID 2412)
   command line: "C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe (PID 2712), launched by PID 2412
      command line: "C:\Users\Admin\AppData\Local\Temp\Royal Tools\RoyalToolsDDOS.exe"
      - Loads dropped DLL
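The process tree and the WriteProcessMemory IoCs above describe one pattern: a copy of RoyalToolsDDOS.exe (PID 2412) launches a second copy of the same image (PID 2712) and writes into it three times, and it is the child that loads a dropped DLL. Process creation on Windows itself writes the new process's startup parameters into it, so a parent writing into a child it has just spawned is weak evidence of injection on its own. With .pyc files shipped next to the executables in this submission, the relaunch is also consistent with a Python program frozen into a single executable whose bootloader re-executes itself after unpacking its bundled libraries to a temporary directory; that is an interpretation, not something the report states. The script below is an added example and not part of the report: it parses IoC lines in the report's flattened column layout (description, pid, process, target process), collapses the repeated events into one writer/target pair, and separates writes into a same-image child from writes into an unrelated process, which is the case worth escalating. The fourth IoC line and PID 1234 are constructed for contrast; parse_events and classify are this example's own names.

```python
"""Triage 'Suspicious use of WriteProcessMemory' IoC lines from a sandbox report.

Added example. Three IoC lines are copied from the report; the fourth line and
PID 1234 are constructed to show what a cross-process write looks like.
"""
import re
from collections import Counter

# Report column layout: description, pid, process, target process (flattened).
IOC_LINES = [
    "PID 2412 wrote to memory of 2712 2412 RoyalToolsDDOS.exe RoyalToolsDDOS.exe",
    "PID 2412 wrote to memory of 2712 2412 RoyalToolsDDOS.exe RoyalToolsDDOS.exe",
    "PID 2412 wrote to memory of 2712 2412 RoyalToolsDDOS.exe RoyalToolsDDOS.exe",
    "PID 2412 wrote to memory of 1234 2412 RoyalToolsDDOS.exe explorer.exe",  # constructed
]

# Process tree from the report: pid -> (parent pid, image). PID 1234 is constructed.
PROCESS_TREE = {
    2412: (None, "RoyalToolsDDOS.exe"),
    2712: (2412, "RoyalToolsDDOS.exe"),
    1234: (None, "explorer.exe"),  # constructed
}

LINE_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<process>\S+)\s+(?P<target_process>\S+)$"
)


def parse_events(lines):
    """Parse flattened IoC lines into dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "writer": int(m["writer"]),
            "target": int(m["target"]),
            "process": m["process"],
            "target_process": m["target_process"],
        })
    return events


def classify(events, tree):
    """Collapse repeated events into (writer, target) pairs and label each pair.

    'child-relaunch': the writer is the target's parent and both run the same
    image. Process creation writes startup parameters into the new process, so
    this pattern alone is weak evidence of injection.
    'cross-process': the target is not a child of the writer or runs a different
    image. This is the pattern to escalate.
    """
    counts = Counter((e["writer"], e["target"]) for e in events)
    results = []
    for (writer, target), n in counts.items():
        ppid, image = tree.get(target, (None, None))
        writer_image = tree.get(writer, (None, None))[1]
        if ppid == writer and image == writer_image:
            label = "child-relaunch"
        else:
            label = "cross-process"
        results.append({"writer": writer, "target": target, "events": n, "label": label})
    return results


if __name__ == "__main__":
    for row in classify(parse_events(IOC_LINES), PROCESS_TREE):
        print(row)
```

Run against the report's three lines alone, the result is a single child-relaunch pair with three events, which is why the "3 IoCs" count overstates what happened: one parent wrote into one child it had just created.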
Downloads

File written during the run, as listed by the report:

Filesize: 6.6MB
MD5: 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1: 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256: c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512: e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35
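The hashes in the General and Downloads sections are the report's indicators for the analysed executable and for the file written during the run. The following Python is an added example, not code from the report: it hashes a local file in one pass with all four algorithms the report publishes and says which report entry it matches in full, or only partially. A partial match (say, MD5 agrees but SHA256 does not) means a transcription error on one side or a file that only agrees on a weak digest, and should not be treated as confirmation. The digest values are copied from this page; REPORT_HASHES, hash_bytes, hash_file and match_against_report are this example's own names.

```python
"""Check a local file against the hashes published in this report.

Added example; the digests are copied from the report's General and
Downloads sections, the function names are this example's own.
"""
import hashlib
import io
import sys

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the report.
TARGET = "Royal Tools/RoyalToolsDDOS.exe"
DROPPED = "file written during the run (6.6MB)"
REPORT_HASHES = {
    TARGET: {
        "md5": "c4885dfba54af1d13b70cb62dcc7204f",
        "sha1": "9b4a33a71a54eaf741dd115a0ea59c8265d811f4",
        "sha256": "433ff9fd6ef9048ad43f8240f23359706ebd53cb36f34f22503d134f7234b8b4",
        "sha512": "287747a3ad4e2caf0ad929872c7c96a047d35e342bfb48f022b6b3d6c3e3e3756853e7abec22d5e6110cb3f4c1a9db524f15deec7a97ade44af6221ddf70e029",
    },
    DROPPED: {
        "md5": "3c388ce47c0d9117d2a50b3fa5ac981d",
        "sha1": "038484ff7460d03d1d36c23f0de4874cbaea2c48",
        "sha256": "c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb",
        "sha512": "e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35",
    },
}


def hash_stream(stream, chunk_size=1 << 20):
    """Read the stream once and feed each chunk to all four hashers,
    so an 11.6MB sample is not read four times."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Hash an in-memory byte string (used for testing and for small inputs)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def match_against_report(digests, report=REPORT_HASHES):
    """Return {'full': [...], 'partial': [...]}.

    'full' lists report entries whose every digest agrees with `digests`.
    'partial' lists (entry, agreeing algorithms) where only some agree:
    one side has a transcription error, or the file only collides on a
    weak digest, so it is not a confirmed match.
    """
    full, partial = [], []
    for name, expected in report.items():
        agreeing = [
            alg for alg, value in expected.items()
            if digests.get(alg, "").lower() == value.lower()
        ]
        if len(agreeing) == len(expected):
            full.append(name)
        elif agreeing:
            partial.append((name, agreeing))
    return {"full": full, "partial": partial}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, match_against_report(hash_file(path)))
```

Usage: `python check_hashes.py path/to/RoyalToolsDDOS.exe`. The file name is an assumption; the script accepts any number of paths.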