Overview

overview

7

Static

static

3

RTSSSetup736.exe

windows7-x64

7

RTSSSetup736.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

1

$PLUGINSDI...64.dll

windows10-2004-x64

1

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

1

$R0.dll

windows10-2004-x64

1

Codec/rtvcvfw32.dll

windows7-x64

1

Codec/rtvcvfw32.dll

windows10-2004-x64

1

DesktopOve...st.exe

windows7-x64

1

DesktopOve...st.exe

windows10-2004-x64

1

DesktopOve...er.exe

windows7-x64

3

DesktopOve...er.exe

windows10-2004-x64

7

EncoderServer.cfg

windows7-x64

3

EncoderServer.cfg

windows10-2004-x64

3

EncoderServer.exe

windows7-x64

1

EncoderServer.exe

windows10-2004-x64

1

EncoderServer64.exe

windows7-x64

1

EncoderServer64.exe

windows10-2004-x64

1

RTFC.dll

windows7-x64

3

RTFC.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    24/06/2024, 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RTSSSetup736.exe

  • Size

    16.0MB

  • MD5

    f57c07115788603cf14320f2632f6668

  • SHA1

    28f8643ec2cccaa623f045912453fc299a48f141

  • SHA256

    941cc44f629086310dba8c9e96ab55994f230eef6917a2e70ec6c9b698154d88

  • SHA512

    c89ceff65565872a9b5b4d0d5eee27707f60da8d1dabbfd584ab08703923ec516d085e4da2be9c733b1908402d91b61af05754135715985fa92066691158c956

  • SSDEEP

    393216:qFBK2BtyEcwROqvt3RQVDDdnnao1aQKT0+FTQP28uci:q7BUEcwRdv9RQJxna3A+VQPzi

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RTSSSetup736.exe
    "C:\Users\Admin\AppData\Local\Temp\RTSSSetup736.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsyDD7.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    08de81a4584f5201086f57a7a93ed83b

    SHA1

    266a6ecc8fb7dca115e6915cd75e2595816841a8

    SHA256

    4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

    SHA512

    b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyDD7.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    ca5bb0ee2b698869c41c087c9854487c

    SHA1

    4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

    SHA256

    c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

    SHA512

    363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

    Download Submit