b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd

max time kernel
142s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RMActivate.exe
Size

588KB
MD5

3e8112702b46de61183bd69a8362db6e
SHA1

156e40e5a469a1ad83def2e7794f3429f4d8cbc9
SHA256

f4d81d9b36de445714b2616edcc43fb41b42f0025722f95275bbc270c6174f53
SHA512

3fb7ebef882441149204a3836bad1ddb9e231b90fbb7777728d8b67fbeb53b170c0df07e24ae9afc3427d26c443d5582951ff9a57ae3010f81b51b92f613068c
SSDEEP

12288:7/8OlUtSRkgqN+T2+J/kVlHNpBf5OpAKTogf:1D66j8HBfyTogf

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	RMActivate.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\uDRM	RMActivate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\uDRM\MK = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f945ed72d44d3489ac9a36be9e2e8b100000000040000002000000010660000000100002000000041a7ff0ce558abee76dd44e648f4ea3ecab43d41196816ba361d90b8e95c5867000000000e8000000002000020000000169a54f29f5eed548aa87858a2b50e51271040856ed911cb19aa8e489c835408a00400008da29ef1a2e01c4d2c6ab453dac4546ca922b69c744893a3553d48f7da08a2ebe982877dcc50923cc26c2267e2e3f0df007f0a6cf70da2c694f6e26d7dbcb0bd3d5d641456a2781ef1929d32d172a9bc5c178d612669bf22e5de4c6cafd760c25e1240f23e249c7c1244ca521bd745b532dfc2e65e827951ade131f535df65ce6351f4d44b24662dc037b863c84dac82cd340563f520aed454fa4097cff7ec26251e39775e9b458e21dc4d9714e7ef6442cc28c639f6ebe59fe3f7e828e6fb7aeadf8c78b1d30febdf2c675d7d29ccb0742dd509841fc0332070717865a985ceafa27b23c496334ba8a4b9f5ae0ffa242645773373f6fed8691ee99b930cce19eece5a302d818d28a299d2a631533e23cec8e8f74ba9eef898b3f21a0cc5767fb663461ee30246728167ab47a375aa31c962d9044d05ea654cd80ebabe47c1978b01a9fd85e20d06cf1cd4a0d08073b75f3b595981eda2604e4f59c9a7cdefae2293b2df126d29b8c49f1dcf98b094f2e254ba49aa5d052de291e634e8e7887419be6bdc0c79158d79a1dd52ee34a4e2b45fa0825da73ae2b09e3726e6e45f9193f0bf4c8f6354fd25b7ab28f167361132d8ed3d9741a8176c0ef011b4c0b91c5e93904f59c85fcdc2bd875b8e135a6c02f611df018cb27a4f1dcd70718d1cc3945995f1c21bfa617d44722a0d3e15f0b15517f7fbe7773b0140fba846ff3a709b026a9296cc45b22199d7a4453a1f86e2c3aa2f3dea53cee79a323eb212651d0f6f68e8109ba7a4d010ece29ee79360cfdcd2b261648ef93a4fd5189bf410262d83389fd123296063a4d5891d69991893de2d64a92f2b4338e79b816abafe3fe5fa8b3a2f76074f5ce95adb27b4b0d724046e49830e0c07adaeba2f55a46b9b7f0a6432dc89068c279a3f816d6637a127e3bbf687ee089aedeffec251e92e80e99393e0bdf18c7f8075f39e2ccdeef5c1b5f1aa81af7588dd59ae0da64fdf7b07c74d29fdc9889f9b6ec773afd42437a34332f9b1576e7d5d781fc29f8ffdabdd445b922fc1890802cd0bccabab9a62b076ce1634de41b7694fa5cd20f168c98fe7b626aadec819728b43b3a21830efe8025f31296b7b1c40aa7ad2fda6019e598c1caf1ed05140bbe4f8f3b2161cbba7d953913c49f1b9b60324be96c7a358d246ec16d1ae89c6f98bd23aeec29c2383dbca1826cdea3fcde6e8be3877e0d15b155b94910732fbad13170c043574044e46c1901f27d6596a56ca9400d209f9b5dc2e749d8a31cb0c3f146cd204571bd91ce432a5f77671c7368ead0f60c8c01a37718393972ce5a4494e7e8c06c020d1f7124d906aeb07589bbc8b1b8d1ea06488969c075b21224752f88752713e2d3358f93d8b35f9437d0153ff72ddb5c056126765ac0a36bb7eb54bd27af84cc1e6169e422d5a2e0c0c084369ab934a188b2f3386e89f585709182afe59d9255a04715a328e7da63bc354fc866fe3493f6d13659cdc31f1417ba38aa5605c915dce3d39a559fabca880302da2fa622b93b4100af450bd6ede814c3d1637d2e660ba4d59c326939a50bedb4778ae7ed2ad6d7291a9029dd5cd22f5089e7e84a1249cdc4acc6e25e40dd06b6f11f2a0a57020adaeb91706f2e76e1820449e203bacc90007650a6c3a5515dea13839862bdd4000000085767d142d9b41f8b671d31243b52da6f2b1b85220e8a2ed73af8e045c759e83cf0764e1b0f3bf09b05344ad288fbecb4f981d5efaad96b1c7407f2ab46b544e	RMActivate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\uDRM\SK = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f945ed72d44d3489ac9a36be9e2e8b1000000000400000020000000106600000001000020000000b9b86815b566a1db93a83ce32092ed27ac2bbd8301500518cdd766dffe2c970c000000000e800000000200002000000068000b1c543f9431f0bf15378444f5bbc74ee6552d70fc58f79e7609ee27e0049000000046a54ea9c6700ce2996f6125e2a9dfb0f2923435a996a4cec142446da20f7490be7525692c57e08db4a8723bec3b6bbb6f73c5dd2b1274f638556993df76157de8185dab3bb12c9ebed0a138ca6c15eec185328ead9cd565752a96f76581ad4a41a6790ff51485e208ba9c859f9f126f2955536e41922b54052cf3fd683b49108e963b9f43ad95c2e951dadd52c461f34000000002f27c087de6c87368e9e4dfe3a7491223762933475a978d5c22c607f12b840f58f5e9c16045e66ebc1fc8981aceee66be351234f4f27377248adf732597edce	RMActivate.exe

C:\Users\Admin\AppData\Local\Temp\RMActivate.exe
"C:\Users\Admin\AppData\Local\Temp\RMActivate.exe"
1⤵
- Modifies registry class
PID:3252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3252-0-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-2-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-3-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-1-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-4-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-5-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-8-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-9-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download
memory/3252-10-0x00000239A3DD0000-0x00000239A3DE0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads