Overview

overview

3

Static

static

1

RoPro_Rex.zip

windows7-x64

3

RoPro_Rex.zip

windows10-2004-x64

1

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

RoPro_Rex/...s.json

windows7-x64

3

RoPro_Rex/...s.json

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RoPro_Rex/_locales/ar_EG/messages.json

  • Size

    5KB

  • MD5

    5bd05f54b24ba0b06bb862af2bd10726

  • SHA1

    84b00cd589084a76dbdb7619253c15bf129220ba

  • SHA256

    5e3e7e70a965ba9e0df456c2d3b84346a92c97131f4b63c26c72216d4abaf77c

  • SHA512

    d03fab38d52f65f5c680b551462a44a064c033738fc5c3bc011780f77c1a4aa170f8b7bb256e29798d967fa7ada1ba103cf2254ed9fe68bebfdb8efff80f2639

  • SSDEEP

    48:aSekLBqxik9Mfz16m+fYN2uv0uYDW3Fc3guVkY1KbS5nLq/xSOsx/q5VDOcvAHbI:r16hfQ2uv0ud3QrVkYkOliVDnobxOpV

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RoPro_Rex\_locales\ar_EG\messages.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RoPro_Rex\_locales\ar_EG\messages.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RoPro_Rex\_locales\ar_EG\messages.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    22d2f72ff04b1672b35198fc78a38ee2

    SHA1

    aa8d5227e1838a4cc2fcc93559d773b66b44f280

    SHA256

    ec79af73ddcb1c7de5c5786368cda97906309311b5130291fb6daf2accf9abe1

    SHA512

    b6a5fa8600df47c375ab716eb649b832e5b581e76f3d83526b153193b912992111bad69ce3f202dc89031c88118fc596d6992adcb30b75c55d79ff7fe3f18ea3

    Download Submit