3f8455fca4a5d4c59faf94f1bf44c08a561cb67b11f280c9e7785a22ecc42cb2

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rmaildxp_v1914_eng_full.exe
Size

11.6MB
MD5

f35abfbb5b669ec5c81cb081271d0902
SHA1

92ba34d14835dbbe7a6e9a21e231f0ee0c6a323a
SHA256

07f7044c0e0cbd5ba2ce6eaad44e57022068c10dabcec402164fb04041e452f9
SHA512

1b251105fb5f5590d44ffd02b787b0529a06575a2d7de666330ac2d56ad855c64415caaeae09906bd088e8301ab6317d6e3449d3018c34a4929511aad45ac282
SSDEEP

196608:p1k8hzr6kvCB0nyivptNiHTUvP82reUe0kbC83rMAefIVvSnZN:pjhzr6kJyivptNizUHrX38UN

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1528	rmaildxp_v1914_eng_full.exe
1528	rmaildxp_v1914_eng_full.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rmaildxp_v1914_eng_full.exe

C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe
"C:\Users\Admin\AppData\Local\Temp\rmaildxp_v1914_eng_full.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\InstallOptions.dll

Filesize
13KB

MD5
550a3317798d599add2698ec87180919

SHA1
4c311c88b428972e70645476e59269641365c1bc

SHA256
1bee687f883a12d2b475071c244bc0dbc70336e818b28ae65a526332dabf2d1e

SHA512
329283aa3397d171efec6fbe1cf15a3b64dbedd66679fa44184d45225b7d3e7845eb85d4340a6b703005e2b7be61a9db2dad160fe130822d4a5d66ef31d63808

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\LangDLL.dll

Filesize
5KB

MD5
2c3c8976d729d28478a789217a882291

SHA1
10c18b23fac957419547ef0f8ec3bc1b10e91e79

SHA256
799f91bdd59f2133bf195c5b4ca685ee91666d981a6bcd8a6c45b7c8ecc96eef

SHA512
749c650974f94cc5009124d3fa3d9bb1ee5824a3fa0a76b81733e08379678a2a1b7c54b77d1709fb6de24c81c68c03c0ec3e9ec5ccad0d30d9237300794f1213

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnC0D0.tmp\ioSpecial.ini

Filesize
707B

MD5
c61faff6ca4f521bdae3a89e89bba5d9

SHA1
4d27e79f16bf02bd217e6b66866e6a2b95ff3bda

SHA256
7731872872b4fc1bd52b3efad37342b08cff654888b7ec91aea0ecbdd5239e26

SHA512
c3f08505a454928259ad605cc11d01f015b8e8c6f57be3b7ea2ac3d2e3a63c4c3f2c4e5a2786a8050a924009d056b9b3e2206541e32f3cd77958729ac7841d04

Download Submit