35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269

Analysis

max time kernel
91s
max time network
99s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RDPConf.exe
Size

1.0MB
MD5

03fb8e478f4ba100d37a136231fa2f78
SHA1

98685c37a6140701220c476449bee3f4e1fd28ef
SHA256

3c0e5d6863b03283afda9bd188501757d47dc57fc4bba2bdbb0d9baa34487fe0
SHA512

9d9052691c046e7268543b56c623ea2e9289f226b6c1f6449fbf5e2890f4b66d98e7bc312c663387d9f19d8f1b8b8959f9271fa0e2a51fc15791e29c49d908da
SSDEEP

24576:JwewFB5btX9uALSTRMab+wBySRX7ADs9UXOAPOA:At9UMSJADsaXOAPOA

Score

8^/10

discovery

Malware Config

Signatures

Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1021.001

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RDPConf.exe

C:\Users\Admin\AppData\Local\Temp\RDPConf.exe
"C:\Users\Admin\AppData\Local\Temp\RDPConf.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Remote Services

T1021

Remote Desktop Protocol

T1021.001

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4544-0-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/4544-1-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download