Overview

overview

8

Static

static

3

RDPCheck.exe

windows10-1703-x64

8

RDPConf.exe

windows10-1703-x64

8

RDPWInst.exe

windows10-1703-x64

3

install.bat

windows10-1703-x64

8

uninstall.bat

windows10-1703-x64

3

update.bat

windows10-1703-x64

3

Analysis

  • max time kernel
    78s
  • max time network
    82s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/09/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninstall.bat

  • Size

    249B

  • MD5

    eccb8a01d0427ef29c2380d7dda399f3

  • SHA1

    302601e99d6b02e2e84a0de5c0dce3df139cba31

  • SHA256

    083cd340c800cc021d4a59388680ce0e7ab0f8b998e67def6a507070e7fa01b7

  • SHA512

    78d51882fe04cb64f9f6a82b604ef20e4324e5bc37701747fa55b3c153baa5942774daf737ff204f9e75e81a745ed95cc7ec115da91b9e27e646ed41d3f103f9

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\uninstall.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\RDPWInst.exe
      "C:\Users\Admin\AppData\Local\Temp\RDPWInst" -u
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1592-0-0x0000000000400000-0x000000000056F000-memory.dmp

    Filesize

    1.4MB

    Download