Overview

overview

7

Static

static

7

Reg.Organi...52.exe

windows7-x64

7

Reg.Organi...52.exe

windows10-2004-x64

7

$EXEDIR/Re...on.dll

windows7-x64

3

$EXEDIR/Re...on.dll

windows10-2004-x64

3

$EXEDIR/Re...on.chm

windows7-x64

1

$EXEDIR/Re...on.chm

windows10-2004-x64

1

$EXEDIR/Re...on.chm

windows7-x64

1

$EXEDIR/Re...on.chm

windows10-2004-x64

1

$EXEDIR/Re...nt.dll

windows7-x64

6

$EXEDIR/Re...nt.dll

windows10-2004-x64

6

$EXEDIR/Re...ts.exe

windows7-x64

1

$EXEDIR/Re...ts.exe

windows10-2004-x64

1

$EXEDIR/Re...nt.dll

windows7-x64

3

$EXEDIR/Re...nt.dll

windows10-2004-x64

3

$EXEDIR/Re...ch.dll

windows7-x64

3

$EXEDIR/Re...ch.dll

windows10-2004-x64

3

$EXEDIR/Re...ll.exe

windows7-x64

1

$EXEDIR/Re...ll.exe

windows10-2004-x64

1

$EXEDIR/Re...o5.dll

windows7-x64

3

$EXEDIR/Re...o5.dll

windows10-2004-x64

3

$EXEDIR/Re...er.exe

windows7-x64

7

$EXEDIR/Re...er.exe

windows10-2004-x64

7

$EXEDIR/Re...nt.exe

windows7-x64

3

$EXEDIR/Re...nt.exe

windows10-2004-x64

3

$EXEDIR/Re...er.exe

windows7-x64

3

$EXEDIR/Re...er.exe

windows10-2004-x64

5

$EXEDIR/Re...ce.exe

windows7-x64

3

$EXEDIR/Re...ce.exe

windows10-2004-x64

3

$EXEDIR/Re...ps.dll

windows7-x64

3

$EXEDIR/Re...ps.dll

windows10-2004-x64

3

$EXEDIR/Re...ll.dll

windows7-x64

3

$EXEDIR/Re...ll.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 03:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $EXEDIR/RegOrganizerPortable/Data/InstallerTracingAgent.dll

  • Size

    809KB

  • MD5

    83fc3f7486d97df81051553de6de6f0b

  • SHA1

    931edb82bef031019240328fe98d7ef5479b137f

  • SHA256

    6ce580d0ee65dc90bbd8856bc47211ab7fc61270453187866448faa0bee24310

  • SHA512

    7510307bf03fecb918695a3887a6a427c7a266192eaf5b9430e08430f9183d557c3b7219685378472b78231a9a391c2618c7c0f0e13a9dec86e83a4635a11cf2

  • SSDEEP

    12288:X5Hkcf9ZB92nWwwRbtITC3Q0ykH07VnqaHibGOLIamqDSIIJuT1UP8888888888m:pHB92nWwwteTC6NveG1nIIJu9

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$EXEDIR\RegOrganizerPortable\Data\InstallerTracingAgent.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$EXEDIR\RegOrganizerPortable\Data\InstallerTracingAgent.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4884-0-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

    Filesize

    4KB

    Download