b9af69ac821a649f211c99e3edf32a76a213e9450b5e972a6cdda5758af530dd

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RMActivate_isv.exe
Size

612KB
MD5

6769ee955246508a95520ae4bb43ca5a
SHA1

51ea9f33fb9ea90f7b00cfffc632f80abfae4920
SHA256

6fdcb179f0c31df89eedc836a5dc81232ce72f29b39c1ed5e3282248d3123663
SHA512

5622add401751c884398cf6c2c4c97ca63adeb9c14a58e30e20027c40ead7f49c3de8492c98136af8dc5e17e7cac1ca687bd2ebab90fd86edc9979f09365c604
SSDEEP

12288:70awFM7calwwMjwIP7vlQJb+V+9JT4EgXiB6JNnL:olYy9QJqV+9JT4Oqx

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	RMActivate_isv.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\uDRM	RMActivate_isv.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\uDRM\MK = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f1000000000400000020000000106600000001000020000000b74726355565f8de83c8d518a5b0f6c9e8197da261393e6a3ccbf43b2ed3b96c000000000e8000000002000020000000da8887b3126bd4e4ee767d9d16f733aef56a2e647b8ae4de2455c064e30c056ba00400003e32f0c96444de6ec0a4fda47c3436bb748c36337110d0762ee4c38dd1511aee9b006f0f96949b372fd46a870d8f25dbadd0119089ee92b7759b157df82ea220620deb86ec56724c46259cdc4bf2457fe3c402771a9a2f375d5b572ccfe6a6c907081e8b3ea9d92b90226aad850b9f4cc5b675920e05d41e95b55829080862d8d6cd95bf87c56256a632127f66fb49cdf2828791a0a249744b02ab2a3747e3ffddf1b5a4f8bcf9090c1a80e94bfde5c9a8c0e56a1e27f680c79cd08f1d9f67ccb0f9bb77b2cdad57fb6b2abb21940b6f07bbe4d8fe87a62bbe458f5bc3ef2382c9d8d47515de59edf8b08bedbd40ed73b3cc4f74d3bd0ca211c1ef7cf4a284a1084be56ca4323a363d9e36d0d62ef66c32b3c3372f9c4a3c1ed6baa2e881b8382d3e38939f757069c4cd635b89226134dc52503e205a1c73a5f98bd42e81e0a958f5f5607449f280ebc7a7ea4ba672408d2c29659a83d776efca1490d93b92682bf8d3d4d3b66157acfbb1f170c608efe27789d18eb78d78ad9713f1be27f945bc29aa7e27487c82e48623b68127e9c85c73d39f34757f32be664ffd73552c3965fcaf3c42f5f01e9e22667c0d1c0c10d16671468875ed3354099f7e16d325c870b0295435a7660f699f09ff6e987c4b995f0d752ddef419a920f2c79b127b2a896d76f4d00d9a284d4176b1bfdca2cd7514804a5689cc263b355f2a43950920712a062c504637a724aca367b369c2b39ffad104c821d9e4b0432c03da41682712ae0aff8b33d073ba2ed7370b0701881cc8aca527fa7a5a3f26d6de4ff6dfb264a9069f02c23783468ef99f824ea5a69a00111065f2824e42f592a897e123ea9e111b14c3208b8c1374901324cabf571b8b0862d63b9c6f73ab17243f6ffb9020de9f11d1ecaca827e5ff9d2d17adb24498cba71f34fa4cf6f0b40d55d4a60deaf4d48252bafa7ae61b7d7975b2999665882dfa9ca0261579ea0ab48006fa92459380a67680ae449bab430bdbdc40467435deb75c5d77d7bcb2efa0c0a5f89dad4a3e000c48f3edb5b7d7658147e00d1c18063f6fccba64ec5b0c76e24b8d961ebfc4b272bc56cbec149fd97cc8fcb27eec244d390bf8095a3db3aa34566c8f814847d3a274207c490c822732d1312b274c6a11d18b03adb2c5e631f44bc25e6efb8fae84743f735d9b7c978a2209c474bccf4abe999269a211f29879162b490c9a0829e463e10c121c3b36000645b7bd5ae96e8b7b74f0652fc6f0310c1034b28e844e2eef47103979b02e2388eb4c6246f58786856ce7b181bd91f2a4c4792db4913b880a8f959be636be1070be76b6a26afbd18dc7d38ca2216c39c21db245da5de1b545741fb61bf79fdaeeae75f29fd48132741fedc7c56f3188baac874aa45b12e10e9c2a52869a9a77fb5499b3f7b6660efea6d05b787c7131cca15bc6bd876217d6823bbcd0c7e60d75b13e10dc4e065bfcafec6fd4055f33858f7cb97c7366d61d66a8570cf1ad414932efc78b2f5903e1d9db52e6aeebce27adea77191a8747c79a52505bc1dbb3c210ecc4c968c2cc45b32ca363782ad40aba94d7e0227b2e917421876890489babebcdd08bee34d76bcb4e7a30ef61d1b0bbe5b8cf99b4c31197b7bd8f1ec6ff136e71eaefa460a6be56cef6e06d44d54002f740000000d3b08ded1dea828fd25026fd84295ed8358b1dc2e7e5f82016f9c53bbeebcedb03050ed094d46efe7deff9cb0cae6ebda2e27c2d1ca2c05c8ad35b3f116de40a	RMActivate_isv.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\uDRM\SK = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f1000000000400000020000000106600000001000020000000ab327a6783d12c8660c36005d316939bd4a51c0b9a6f99cd1906e52943e9102c000000000e8000000002000020000000ea520787721a6dccdc5c4e46e29e61ee8b960b06e8e4b85af729e05663e003ff9000000038113bf2a0bcb4ddaff631274fe2e1296d9ce1ae918d7f208e4954717a70c4349d19da6d0a71d23b59b86bae1609b19730274ac284ed1d64fd31e92931d0408b643ec7154b4811206ed6355c9f5f15a8a6a169d90d219bc3b799b84032c6d0cd5761d77e274cff2b857a99b4c9e4dd46a729dbda2134910b674a923dcfda185c0c2d9c0662015a03ab4485c8eee12cd040000000ea52df1f23efb3b256ae11b03e85b2dc24990047102486c92feec33e8378cd065e64c88f1b761407de2faf5a2c6bd6be575a5c9f7d5112c9db552d574fc39e30	RMActivate_isv.exe

C:\Users\Admin\AppData\Local\Temp\RMActivate_isv.exe
"C:\Users\Admin\AppData\Local\Temp\RMActivate_isv.exe"
1⤵
- Modifies registry class
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-2-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-3-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-1-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-0-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-4-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-5-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-8-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-10-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download
memory/2972-9-0x000001E6B1CC0000-0x000001E6B1CD0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads