3f8455fca4a5d4c59faf94f1bf44c08a561cb67b11f280c9e7785a22ecc42cb2

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rmaildxp_v1914_eng_full.exe
Size

11.6MB
MD5

f35abfbb5b669ec5c81cb081271d0902
SHA1

92ba34d14835dbbe7a6e9a21e231f0ee0c6a323a
SHA256

07f7044c0e0cbd5ba2ce6eaad44e57022068c10dabcec402164fb04041e452f9
SHA512

1b251105fb5f5590d44ffd02b787b0529a06575a2d7de666330ac2d56ad855c64415caaeae09906bd088e8301ab6317d6e3449d3018c34a4929511aad45ac282
SSDEEP

196608:p1k8hzr6kvCB0nyivptNiHTUvP82reUe0kbC83rMAefIVvSnZN:pjhzr6kJyivptNizUHrX38UN

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2344	rmaildxp_v1914_eng_full.exe
2344	rmaildxp_v1914_eng_full.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rmaildxp_v1914_eng_full.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2344	rmaildxp_v1914_eng_full.exe

C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe
"C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd8B30.tmp\ioSpecial.ini

Filesize
707B

MD5
372b48b574dcfa916d3f0a233a548842

SHA1
dead37187ce5b11931f71ca3a1950403affde032

SHA256
a3717942e843af2a6e09ed89da2167475931b974f010e0bc3fdb9f240ce35a76

SHA512
2a650aecbc70762227238520aefd0a7b53fd21d30c373172ba1840397222d10e9bc6ac57e0e34831b7fe91327e0c558c75c496c53330395973439107751cfe5a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8B30.tmp\InstallOptions.dll

Filesize
13KB

MD5
550a3317798d599add2698ec87180919

SHA1
4c311c88b428972e70645476e59269641365c1bc

SHA256
1bee687f883a12d2b475071c244bc0dbc70336e818b28ae65a526332dabf2d1e

SHA512
329283aa3397d171efec6fbe1cf15a3b64dbedd66679fa44184d45225b7d3e7845eb85d4340a6b703005e2b7be61a9db2dad160fe130822d4a5d66ef31d63808

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8B30.tmp\LangDLL.dll

Filesize
5KB

MD5
2c3c8976d729d28478a789217a882291

SHA1
10c18b23fac957419547ef0f8ec3bc1b10e91e79

SHA256
799f91bdd59f2133bf195c5b4ca685ee91666d981a6bcd8a6c45b7c8ecc96eef

SHA512
749c650974f94cc5009124d3fa3d9bb1ee5824a3fa0a76b81733e08379678a2a1b7c54b77d1709fb6de24c81c68c03c0ec3e9ec5ccad0d30d9237300794f1213

Download Submit