9df41ebe1a2c61bbc382a85a7788e127e4dafada4955a1b6c3dfcaf460bd714f

Resubmissions

09-07-2024 13:39

240709-qydwdayanf 7

09-07-2024 07:52

09-07-2024 06:42

09-07-2024 06:34

09-07-2024 05:47

Sharing

Copy URL

Twitter E-mail

General

Target

application.zip
Size

199.1MB
Sample

240709-qydwdayanf
MD5

3ff2cfb0d40a8d203dbc8e7e213abfd1
SHA1

51e29901a0e5f7e7c93b22ef07f9ecbcf038fcea
SHA256

9df41ebe1a2c61bbc382a85a7788e127e4dafada4955a1b6c3dfcaf460bd714f
SHA512

a8ca689dce70cad02d3a438fab918b143699eb27c22f7fa40418ea26b154f93db4f99b4611a597720bc0c72933f458c98e3793af800e991ecc783a21da4c466a
SSDEEP

6291456:UOriWJ0ns9w5OrSTi87nm1o/h6aXXRhevjJiEmRA:UOri2qnmwHhhXilixK

Score

7^/10

Malware Config

Targets

- Target
  
  print.exe
- Size
  
  36KB
- MD5
  
  b694d9d775ec5090aef1d6edb300260a
- SHA1
  
  7e85a15853036c2cbe2c87eccda4fa9ebbb5b1aa
- SHA256
  
  aeecaedeccc9dcb0a8d910503f876ef8b9a75f0f2dca1363992befa0f6d11c15
- SHA512
  
  c387a9173d90f202ade7fbbe8c9ad045a1f81d3ddc03b059c11bd42b7ea75867159376cfb672ebee213a36a0a51182a062112e5aacda3a68faa30ef46e0fdd6d
- SSDEEP
  
  192:iBjFGzw9Bq7O8jzCHXNij+iiv/hOHtinGE077m1WTUW:qCw7qNz8iAv/UHYn4q1WTUW
Score

1^/10
behavioral1
- Target
  
  printfilterpipelinesvc.exe
- Size
  
  620KB
- MD5
  
  83ee9a84a06e7dfe217cd0b5fa8c0f9a
- SHA1
  
  791025af80f4996dc233153ca470516f40b62f24
- SHA256
  
  76cf6f235c87ff7f6df66b7751dd322c0e0939c586eec7f8bff4ebed64f1565f
- SHA512
  
  ac7fb86706ae848dc7e3443766e9f9b099c39695c05282e05964cbfcd5e5f1f041c019b795bcfabe93085c7d84331d100458b73c731ad675dc0d3985efef8640
- SSDEEP
  
  12288:N8hwOXFSchZ4nOnEsxpXoxQewWa9vVgku153/rS47T4KuCLWTV:ah9sc/4n+JpXOQxWa9vVgkaF57TfLW
Score

1^/10
behavioral2
- Target
  
  printui.exe
- Size
  
  80KB
- MD5
  
  63ac3af5adde5bd3c82fc1e59b9bcf6f
- SHA1
  
  24d46fcfd77e3b93a2db96582a5d117fd671ff3c
- SHA256
  
  037389320fdb682f69bd7e6ab6230fe076f9d1d75545835afc8215af70daf3f2
- SHA512
  
  7ed3053276f826e14ffb5e256e4c65297f410627ee8c8ae5307aeee0fcb5e84295d9807b23567685030f062fb36fb8b35db6198cf48a5e63afebbbca5adc668f
- SSDEEP
  
  768:keiAnGad5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7/Qn8:scGaVIPd4n+lbeRZIbSQPPA75
Score

1^/10
behavioral3
- Target
  
  proquota.exe
- Size
  
  68KB
- MD5
  
  fb7ffaa07544ce2a7263aa1d0087ebb6
- SHA1
  
  9840bef0289fef913e4f3c364dff751c359ef9fe
- SHA256
  
  4c06554634e0019b258e564a365b8f564d88f41366497bc79b5627eeb8415e07
- SHA512
  
  30967f3ec90d03f261581efb4441002750b6f9bfc38294640a7527b0abef00bf7d5284053a577dd51847a86260af0a2cdf3cee1b634007c704e765eaf85878bc
- SSDEEP
  
  1536:Qps4VRz5zM6kOXch/vm4SbxmT8z851zGZJP3TN+6U:QpxFzM6HsFfTn4PDN+D
Score

1^/10
behavioral4
- Target
  
  provlaunch.exe
- Size
  
  80KB
- MD5
  
  00851730b16ef74d7a9722c390bc8efc
- SHA1
  
  08b32e6b9b8f58292fb80ff1c4fc1b5dea6dbb73
- SHA256
  
  a73c99fc4ecb037092ca6cc21ae86e878bb0318c1d3c622f800dfd8f43b8c27b
- SHA512
  
  ab44bea8a3d3cc2253f97a85302507d03f542887f1f5737a4b96f73f8cf58a86213b6ce98442574281dd23f899d05f58a57cc2abefcdadb6b7290306244c042d
- SSDEEP
  
  1536:nS96XpuvKD77TCMKhXx9ht6DEf6WoCKLKguXJrySZ3+jcirrTnNJFDdF:nS96ZhHKzJCIQgi3TnfFhF
Score

1^/10
behavioral5
- Target
  
  provtool.exe
- Size
  
  112KB
- MD5
  
  77fa181c7dd8904de95f6897f5360c59
- SHA1
  
  c65a6b94bf82e36705c3e7ee47da2309b27a34f2
- SHA256
  
  284a37478a48710da30d7421da1fc9207a81252d6180f23a75ff1e4050535df7
- SHA512
  
  d769b769b6926c43f0d88401c113722c7ee8b13d9fafecc01ed5e0dc64d9a55c50b7577cb8d4a319c485ccd441ad70ded4be7afe560f18bf4dba563c86c40733
- SSDEEP
  
  1536:M2J5iEabY2Jchm5d+6kPGrnHA3aJTMdBz0W9nEufAWdvhEgfm1QU3KMnnxvFY:lnwUyGPGz3NMdluozdZBf8T6MnnfY
Score

1^/10
behavioral6
- Target
  
  prproc.exe
- Size
  
  41KB
- MD5
  
  4a47d2f3b06080a774c3348dde4d71c2
- SHA1
  
  57e9b50d9d7a1c9088e73276093a8cd7448ceacd
- SHA256
  
  551f4829ca2f52981e8e47f2021b5d7ab478060b4ed77563c3d410f36bcf14d6
- SHA512
  
  cf6f1830f529ffb83fb4428703d8e6e4f0796b1a97a10693bab7b61028e31fc52983cd7e421810c33d3022a9c805edb0bea24ead613b5d37658bcde798f76d9b
- SSDEEP
  
  384:/yQKdBZ143roDWSVwHWmaDYgWJYDBRJN/P/R9zfBP:ITAoDWSVw0f1PVPZ9zZP
Score

1^/10
behavioral7
- Target
  
  psr.exe
- Size
  
  376KB
- MD5
  
  1f71274443da0e1b30bfd85e01d8b59b
- SHA1
  
  24a7bcb75c8593c252f1659937e7de6e2824c29d
- SHA256
  
  a878102786af36e173ac419a737c457c683b516dfdb0f9877b70073a1bff2b71
- SHA512
  
  2280156ed48271fce2738c5311c6c866a802210acb570ea75956e86a08626e1fb08d4fa0fae319256af1032c314776ffc4b3f72d17e94372202900dcfaed7dd9
- SSDEEP
  
  6144:/b5gDPIolh1LiieHnJ1+OmGdrHLxSd1SeOjtN2kSLxNn6GXXYHlY+GWW85bdW1i:1gDPIolhNiieHnJ1dmCHLxSd1Se0tNpz
Score

1^/10
behavioral8
- Target
  
  pwlauncher.exe
- Size
  
  52KB
- MD5
  
  d0743203ba4eb04ddffdae63c8d6ded7
- SHA1
  
  117d5503b2bccf3c00623f5a6fd73213b871ad0e
- SHA256
  
  4e8dbb3e89dfd69856c0cce34a6f5960aab1e8d0b42c9dc991accb249e8ec044
- SHA512
  
  2bcf60617c5538b466b7263d8a175b9d5747c10126d1c62794b1330a4664885a28a0a1746da5ef26d0727b32bbb8b7b9d2515683e1efad036a1659b4eddb86d6
- SSDEEP
  
  768:JRLAuL35vJLgZmdagPZxMGE/GIfUMF0T8QSoe4KG0srxOC2fc+:JRjL35xUcTxgnPF0T8G0srY5fc+
Score

1^/10
behavioral9
- Target
  
  rasautou.exe
- Size
  
  40KB
- MD5
  
  b6793a2eb9e3a51851580f453de3bedc
- SHA1
  
  ee2fbcd55aea116fe1dc6f0cc74e2e84a9e9b2a1
- SHA256
  
  8bb21e664648e04a9355e9d6d816d79cf761ab714e0285fa241e3e08ff540fb4
- SHA512
  
  ef11869b3a4e4e3e88cbd9a418bf120f48bcdeb2d38f5e2114d0d1d58db302e75349bea02654a9ee76a5564b346b0338bff555f6f19393aea50af54f8c6bd510
- SSDEEP
  
  384:TiYtxw7F3MZ8Rn5I/7qu9YWbDkr8EWnBW:TiYy8Z8R56Yr8V
Score

1^/10
behavioral10
- Target
  
  rasdial.exe
- Size
  
  44KB
- MD5
  
  9dd71cbb543e25c009d03bcb47db3e6a
- SHA1
  
  e7b44f8a5a94b0eaa417a737dcaa44d51e7a4601
- SHA256
  
  79f382f6394f12b720537acd3502c4b103a9e0fe4b9afaca0db1969491d407f3
- SHA512
  
  6ca4571e9c40aeb6d3b8936501e4383dafab58a9d9ff5601d5d2f6ebdae4fd2da873cd8452cba769d4eb6544dada829d9b58261d77a57f79fdce4008e502b5f4
- SSDEEP
  
  768:Zn2q2svRdkhMZ6qLiriUJRWBrNSYiqmtJX:Znb34hMUqLiriUJRWBJYtJX
Score

1^/10
behavioral11
- Target
  
  raserver.exe
- Size
  
  156KB
- MD5
  
  f78767496d6c74fc666ff75eb7a690c5
- SHA1
  
  c27ea3afb2675d6648f1c647fb6becf33516b286
- SHA256
  
  af20453ae1334e4e504b16a6dcb09ad89616e789c97c9d3921e0eeca088f41f6
- SHA512
  
  3e57b59e7464d8d8ce2a8cb0e47d4b53824a6490f1d48402e22f1fe8222457f5567d3df62342fb9210d57cf992702a4913c166bfde174b4fd99601dd158a408c
- SSDEEP
  
  3072:RNjbYWVApJS7hxG+jZAO9Bjh8wq78yjiM4+BDnOXyLFCcLPxfkzH:RNjbYWVApJS73jZAG9hHqgyWM4gOXyLE
Score

1^/10
behavioral12
- Target
  
  rasphone.exe
- Size
  
  56KB
- MD5
  
  eae5ab50b7fdc35fb957533aa069c67d
- SHA1
  
  1f01548798d0949ab24487183b310e02ababcb70
- SHA256
  
  c372369ede10c6ee658e1a941b884f62baf937d2b5fb0dc3b67b6f2d52ec9b45
- SHA512
  
  568b1a81b06c0f566b8a60a3553ea7494e65b2a981007ef4dc3411ae773923d964a9d729bcd0eeade56776ff2b260b69c565929c162af60f83012e5b7ba04f5e
- SSDEEP
  
  768:SC6LofmRo1L/486iljxtNGLI9wcRw7QtXHYlkd:SCBfwoqexfVbYud
Score

1^/10
behavioral13
- Target
  
  rdpclip.exe
- Size
  
  568KB
- MD5
  
  c5621cdf3d4eab40d67152d6d096043a
- SHA1
  
  97e92c320344b6e47a1f39750fe86bed0349010d
- SHA256
  
  7b2a8cb44506afe93c1965df506dcc70409910ac19a096477ee5468259030a1e
- SHA512
  
  ef24ffea541815a97299a54c4fe9b193f1ff27f54137b57455b51ef73c55b2dbc11a9151fe7e2d25c618255fc0988b097173cc2e63d54c5e0ea5b89b4ba2e958
- SSDEEP
  
  12288:rx3l+x9gZ0X0ZIKfh0IjLmQw8ha2UIUWRP8lHay/5HS7djXR/AYswKhG3LAvPSp0:VA7gZ0X0ZIOh0IfmQw8l5UWREhaG5y72
Score

1^/10
behavioral14
- Target
  
  rdpinput.exe
- Size
  
  208KB
- MD5
  
  12d2b34edb06a69e80f0cb461420e9d1
- SHA1
  
  12b8f92d315eac62d711d499673f8602bbddbc1a
- SHA256
  
  6bd0f269bb5f3ad4bcbb47831a76007b05260df5dfd592648a2c7370285e7140
- SHA512
  
  081e21a08e33ed112278ed8d2dbf37deb676e7d666aaf01631c6da079fe3d225c5bb452c3f2fc7b63dfb22da159260e6cd8b3a3e149eeac86ae3bf96675ec460
- SSDEEP
  
  6144:osK7bxsv1A60XuOi1wOqNprZNpCWoe2/hzu1UMFf:osK7Nsv1R0eOi2OqNpfpCWV2/h61UMFf
Score

1^/10
behavioral15
- Target
  
  rdrleakdiag.exe
- Size
  
  72KB
- MD5
  
  b3c8ccf3abc6ff9a3d11184cc327ccdf
- SHA1
  
  5d989cf55724d1587c815bc311f1f34affe2bf35
- SHA256
  
  277f93c69b3e1780d348eaa7ffaa88f7acae571726098b61cbf2530edb62dd2f
- SHA512
  
  e05937f91615d4a290083181c8e2aa325aa2bdba76146c9ff4cd3a2b959e5087ad2feab5ebefc8e36adcb8e13bc5d539a50a8f6b90b1ef46d5266049a34261ad
- SSDEEP
  
  768:wqWv0P8iCnNSY43Np0kLS8fjAkxbAIJslTToKz4cDko6TNDo2NWeufz:wvMvNykbfsB1GMQo6TNWeu
Score

1^/10
behavioral16
- Target
  
  readCloudDataSettings.exe
- Size
  
  84KB
- MD5
  
  b8c8c28a7de0adb51069514030a39224
- SHA1
  
  6b736ed80659e30c8a6d3037fa8453254cea0c6a
- SHA256
  
  3a7676d57d60213cff75e13e4f64f92415469c0b29ce1586b6b091629f81ed12
- SHA512
  
  3b385f6605183dc96a95ee36978c02fb725e66c34441c749cdbef3dc43e4e6d6d1a77c02bd3a0cb4303d6216c8f1569880f87230ca93b649ee3734ab771b0759
- SSDEEP
  
  1536:MiPNY+MvHCKPr+pm9qh2rqsY2gTeWjUte0xZ4uqPlTkQH2RPrO3P:MiovbaRMGsQeWAguqtTkUXf
Score

1^/10
behavioral17
- Target
  
  recdisc.exe
- Size
  
  208KB
- MD5
  
  d6c12f81fc5355de02f4daf1534bb266
- SHA1
  
  9e20fec524be611a76e6bd3df09f525117cba893
- SHA256
  
  f6a418f7e59c0a06080a1cc81ab11bbcd6d9b2b3e86492157a124ad008171522
- SHA512
  
  883bbe2a67f572b4bd849ab4eaf0bc247ec9577a921a17c2aec68b82926e840b396f90b904f62a0a54c73d3f31620ca0e6025209fd5ddc1731510ad33d98ad1a
- SSDEEP
  
  3072:hZlvcHvU+kITsxe18rJo4E1HlNVHXXBAtEAuegPO8evTq2VF:Z+kITsxearJo4E1Hl/HXXBZFegEv+2V
Score

1^/10
behavioral18
- Target
  
  recover.exe
- Size
  
  36KB
- MD5
  
  622bbe68d0866f2869e8777a1e311268
- SHA1
  
  d334876166e006f4abc821cd23adbfef98587dcf
- SHA256
  
  215d8a1ee5c0da23c063e49ecc1304f9f8a6e3adc88f715f986dae9cb5ea72a9
- SHA512
  
  41cec85cddb6ced90b2152b948dd9a327f3e3ba5f14c70447f005c20a2ddee0d28c9fb9fd139a03a763bf69bd8b633fb9aa11c2c71a3d072ac48441fe2425f3b
- SSDEEP
  
  192:FR2j+5yz8lTFtZeSOy41OKdg4KtD4rJMm2jWUnWC:6+5e8tFWzf0JaR2jWUnW
Score

1^/10
behavioral19
- Target
  
  refsutil.exe
- Size
  
  1.7MB
- MD5
  
  2d374432108c1972ad607835862acf9f
- SHA1
  
  0c2aa2dcade3a3a75acedba9b6bf07bed32d05bc
- SHA256
  
  0361b088b276ee91a6dcd701ab76b366330bf558b79abb2e3599d57115eba53f
- SHA512
  
  8efd61a29f25c462be6314eca0ba08c3b48179859544f85573e841586daeee231293c2b55f553b5fdd825257bd9c73ad2d69c806176b272eb5e0969bdd4d08c9
- SSDEEP
  
  49152:ZTnVzP7aHjBS/JxaRn7CCT6E+pNCJ+8aJ57NdF:zYjRnvT6Z
Score

1^/10
behavioral20
- Target
  
  reg.exe
- Size
  
  100KB
- MD5
  
  cdb58d0bcabe76afc60428f364834463
- SHA1
  
  979f280b1226e064cc79020b25fb8c40d9fb0008
- SHA256
  
  411ae446fe37b30c0727888c7fa5e88994a46dafd41aa5b3b06c9e884549afde
- SHA512
  
  9b0e87deb62b37dd3a4df8267beeb442cb0ffedeb810dde4929a44b4c16568d3491533c57b85eb3a0192116d285c5c35184f391c50b4ac6532132a6c1a6b9d50
- SSDEEP
  
  1536:zb8oTLwn5PfXasYvo3GOKd/mjX7mxQKLqmKF/1qHYEZOk1Y6:kO85PC/o3GOO/MKrLq1cHYOO0
Score

1^/10
behavioral21
- Target
  
  regedt32.exe
- Size
  
  28KB
- MD5
  
  207a18addff39febf2d0f91c6881a6f0
- SHA1
  
  39944ffa6f0213c7a18fe511eddbe900124fb931
- SHA256
  
  8bd7f2057809dfebc7d11a5786a2ec9c7f776a499de1200f64dd21e82be429ff
- SHA512
  
  8e651ba56ffe7169b3363d2db5389ec92293a41a853d3209c239b13acce2a71cd046f5384549332eb56df8cc054e66607fa886074df8e415c0c154d3dae02915
- SSDEEP
  
  192:QYG7otlo2BYPEjifdde3UE8CcxXykW7xW:3vtWcYMjiWUbtykW7xW
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral22
- Target
  
  regini.exe
- Size
  
  64KB
- MD5
  
  350aec6547a015b1e16a916ef9faa305
- SHA1
  
  ab68f6983e2e0b663636bca59c5f48092064a2db
- SHA256
  
  6c8abb75b75c89f26bf1eea9b4d92091db7aab1da877b98386104cd14554fb9c
- SHA512
  
  fdc3beba908afdd785f734b44dfd78f51098c706a09c3c872b7d7e16097d80a870166b3d3fd12161e5f03af8efde3fd76cf21dac90da888d19040675cf4f2757
- SSDEEP
  
  1536:2Wb0zCCA4Ho06R400qPlkyBZswxwm+ppU2JUTwY:R0zCF4Ho06WqPFjsqj6U2JUTN
Score

1^/10
behavioral23
- Target
  
  regsvr32.exe
- Size
  
  44KB
- MD5
  
  af0cdef5f6ecb9b8ebef4e480ebaaa5a
- SHA1
  
  ddde7fd394416798eb2cda8b723faa5ed2baf6cd
- SHA256
  
  02779144af756aab953f13f9e4d28ab3d01a77eb3962756d74099c06babf21b1
- SHA512
  
  cdec3249f61002a22c5f07c92504bad607c2210b6994bc7df60b88f07a23b0d0d36f1a8f158229443108cb701d7b5eccfa55ea73e8be26a38b3b88cb35ff87cf
- SSDEEP
  
  384:dTF2a4mqZ7zTKybz6ZO8zytx3O/fO+QFoQl/kP4brAuWr8LHW:FFLOzTKiuZODtx3O/mxo4/kP4b3L
Score

1^/10
behavioral24
- Target
  
  rekeywiz.exe
- Size
  
  144KB
- MD5
  
  849b44f2f86ec3f22ca9d94f9813d46c
- SHA1
  
  5c3baff0ed6703e1e2ebe5f1a73370a83779370c
- SHA256
  
  39616858275c8486c0947da70e097b13a60bcdc731e6063aa1c361e89d9aa9f5
- SHA512
  
  de355982e09d128b9a0a6b7039ee089ac10486f8b0f1e2cb694e71f6e10d5e7b4af3ccdd5c6e825e1fe9fd6e6287ac147f2b7c8311b863c32355da9051e6a8c6
- SSDEEP
  
  3072:KEqHoPFfhCZ5fpPsnGuHAuQ9VeJ1GaE7CvkcuxitOxqTBdZ:xcoPFfhCZ5fpEnGGAuQ9YNEKhugtOxmf
Score

1^/10
behavioral25
- Target
  
  relog.exe
- Size
  
  72KB
- MD5
  
  f4492868e7930cc1a5cdd1d221b0024b
- SHA1
  
  37ef33abc73ae444ed796db6a3286dd4aba2196d
- SHA256
  
  340b5c5a4f7e396c952937db07fb42b9f74aa892b823d6207737c64c60418a2e
- SHA512
  
  526eca53dcc69248c66c1057540bc4d31d15dab2e0b6d43690f2e148ff7f33d2ce781e93ad1451a021881a850e0aa14eede677a806c71d15955af4b00ef8b0a6
- SSDEEP
  
  1536:HAVVF8Mhd+6Cw0uAvU0c6XLDynyBaG/M4UeE:HAVhd+6libDynysG/XUD
Score

1^/10
behavioral26
- Target
  
  repair-bde.exe
- Size
  
  148KB
- MD5
  
  ae73accf35f818d71d9840d674031010
- SHA1
  
  1daeb139b33525fd976e489abd3b35e89bef78b7
- SHA256
  
  27d19ccc060062f321b296770e152b4c951a5abefb0037a906389cdb4aa8ed3a
- SHA512
  
  89f8fc6dc097c3c5ee4270ca991994aeee6d964a4e03db3e0333d12b544cea836decc2238653a20ea6025f222b1f1666e1ed09d03abfb88b723d9101c35345a7
- SSDEEP
  
  3072:z4VebxxfyD+cda9rwnVS570M9kdatGCO+xmBc+hMPhPsx:0VebxxzcDVs7nyatGt+SYF
Score

1^/10
behavioral27
- Target
  
  replace.exe
- Size
  
  40KB
- MD5
  
  cba41c2fea30bdaae86ef9d11a7f244c
- SHA1
  
  57070ace005360c9d374c7aab78e2f84f1bb3389
- SHA256
  
  3c909292feeda5bac3fa8ca5a41a890f5f123cd674a1e191beedcefba94af5f8
- SHA512
  
  3bb65786ff8e9496c6546682c37826989955a28204c1ce0f61e5b0f405831b006e540f7c05168605e8aa8fd0faae27a66ef51e9fcb39c93d348d309e55fe5796
- SSDEEP
  
  384:/BhL3jYjlmTioJKg1Qy+iZOUjqIoyjczj3qx5sEdWmh/W:/3jYjlmTpJZZOjtj/pEr
Score

1^/10
behavioral28
- Target
  
  resmon.exe
- Size
  
  128KB
- MD5
  
  f13575a9e5c327a66d2767ee8f051866
- SHA1
  
  b7735194fe05f53d58ea4fd56fe4a96fa8fdf247
- SHA256
  
  173d896fdee281ebe88eea03d045b1420d0becd9be8049db4d917f2a85c9c836
- SHA512
  
  16dda5a048fd86ae81742b51e31d112084514beb85216db9edcfaa1eba803af2ff54a700de1fec7f2b5492e0d1f343cbd445c9c8fb7c7cc39b2008a7b07c275f
- SSDEEP
  
  1536:QCFIABqY3KtrtizIo9plJSs9kYuZJnGZLzOcE6Ls7HXG84PK05Z34g/CO+sH:Q0IAghtYIo9piswTogiqQKy349
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29
- Target
  
  rmttpmvscmgrsvr.exe
- Size
  
  140KB
- MD5
  
  11a13977b80e6826339ec1a415800c73
- SHA1
  
  e80a03ef11fc7b697eab7290cbbf835f6ccb07de
- SHA256
  
  6053bfcb505585bb6849bd36cd73e94adc24056702f5c10f53654869195aeed0
- SHA512
  
  85920c694fbeabcdadf3ba666f2491dc2afe1859268f8d81884e83c539681bb30914a4aad44d4e123df07d1cccf1ec3b326fdc544e5fbced2a94587f97e9d537
- SSDEEP
  
  1536:Q9cBhJCAIMaCkyy7pjy/pPSR/naBARVEUVAct9J+ZNK+q5zoz5Jq35A9pdvoaSAb:WoTmHB8pJC6utlvEz85AnPv7h7GZaye
Score

1^/10
behavioral30
- Target
  
  rrinstaller.exe
- Size
  
  76KB
- MD5
  
  1ce49e8e9b94546c6514d4f3d0a5537f
- SHA1
  
  a53bd8eeb1fb992a09bede381b8e0b2c7884aaa1
- SHA256
  
  1e8d0c4700095833999acc62f88cfc68116c7f050f045cd54ae1f2e06d3ccff5
- SHA512
  
  89adbbeaf1c2c640f283874411324e154911e11eb355b07641c5e65ed23a19931e9dfaf18be012e2717a9a78611fb35f858e3dd96b9f86afc485ac7d291762c8
- SSDEEP
  
  1536:qB9D5jdoc1vHBt1vZUyHCPgQ7JzM2N0kB9/09+vZR:qn5jSc1vBtx3HC4Q7RzNzBaGZR
Score

1^/10
behavioral31
- Target
  
  rstrui.exe
- Size
  
  288KB
- MD5
  
  f400c47a6f59b3835341ab66a20c8e3e
- SHA1
  
  45e1cf748ddb97d10cb3de0309641ecc70fb914b
- SHA256
  
  f048944f4afa8d2e4cf01ddedcacef9d50c8e433a2854ff7465b7a64bdae00d1
- SHA512
  
  186f87ef23ccf957d49c71a7d9e375d48e12d81db65831bc3c038c70622da37346f58a2c67ae957659144d76a0d730d3c7ec247c31e70ee417e4d195aec7515b
- SSDEEP
  
  6144:/wQP+001eYhSgKsJQzs8IzAang/2+UvQ/KpmOq:/w++001eYYgKsJj1zAKrvQ/Kp
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32