Overview

overview

7

Static

static

3

print.exe

windows10-2004-x64

1

printfilte...vc.exe

windows10-2004-x64

1

printui.exe

windows10-2004-x64

1

proquota.exe

windows10-2004-x64

1

provlaunch.exe

windows10-2004-x64

1

provtool.exe

windows10-2004-x64

1

prproc.exe

windows10-2004-x64

1

psr.exe

windows10-2004-x64

1

pwlauncher.exe

windows10-2004-x64

1

rasautou.exe

windows10-2004-x64

1

rasdial.exe

windows10-2004-x64

1

raserver.exe

windows10-2004-x64

1

rasphone.exe

windows10-2004-x64

1

rdpclip.exe

windows10-2004-x64

1

rdpinput.exe

windows10-2004-x64

1

rdrleakdiag.exe

windows10-2004-x64

1

readCloudD...gs.exe

windows10-2004-x64

1

recdisc.exe

windows10-2004-x64

1

recover.exe

windows10-2004-x64

1

refsutil.exe

windows10-2004-x64

1

reg.exe

windows10-2004-x64

1

regedt32.exe

windows10-2004-x64

7

regini.exe

windows10-2004-x64

1

regsvr32.exe

windows10-2004-x64

1

rekeywiz.exe

windows10-2004-x64

1

relog.exe

windows10-2004-x64

1

repair-bde.exe

windows10-2004-x64

1

replace.exe

windows10-2004-x64

1

resmon.exe

windows10-2004-x64

7

rmttpmvscmgrsvr.exe

windows10-2004-x64

1

rrinstaller.exe

windows10-2004-x64

1

rstrui.exe

windows10-2004-x64

1

Resubmissions

09/07/2024, 13:39

240709-qydwdayanf 7

09/07/2024, 07:52

240709-jqdr3swdle 6

09/07/2024, 06:42

240709-hgkzcs1bjl 5

09/07/2024, 06:34

240709-hb2d6azhjn 3

09/07/2024, 05:47

240709-ggxgqa1crh 4

Analysis

  • max time kernel
    141s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    regedt32.exe

  • Size

    28KB

  • MD5

    207a18addff39febf2d0f91c6881a6f0

  • SHA1

    39944ffa6f0213c7a18fe511eddbe900124fb931

  • SHA256

    8bd7f2057809dfebc7d11a5786a2ec9c7f776a499de1200f64dd21e82be429ff

  • SHA512

    8e651ba56ffe7169b3363d2db5389ec92293a41a853d3209c239b13acce2a71cd046f5384549332eb56df8cc054e66607fa886074df8e415c0c154d3dae02915

  • SSDEEP

    192:QYG7otlo2BYPEjifdde3UE8CcxXykW7xW:3vtWcYMjiWUbtykW7xW

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs regedit.exe 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\regedt32.exe
    "C:\Users\Admin\AppData\Local\Temp\regedt32.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Windows\regedit.exe
      "C:\Windows\regedit.exe"
      2⤵
      • Runs regedit.exe
      PID:740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads