Overview

overview

8

Static

static

3

RDPWrap-v1.6.2.zip

windows7-x64

RDPWrap-v1.6.2.zip

windows10-2004-x64

1

RDPCheck.exe

windows7-x64

8

RDPCheck.exe

windows10-2004-x64

8

RDPConf.exe

windows7-x64

8

RDPConf.exe

windows10-2004-x64

8

RDPWInst.exe

windows7-x64

3

RDPWInst.exe

windows10-2004-x64

3

install.bat

windows7-x64

8

install.bat

windows10-2004-x64

8

uninstall.bat

windows7-x64

3

uninstall.bat

windows10-2004-x64

3

update.bat

windows7-x64

3

update.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    update.bat

  • Size

    249B

  • MD5

    29ca1c35075247b035af75c11cab78f1

  • SHA1

    4f670d13d7532462f4b1e66d085ef8b9f065ff88

  • SHA256

    353f2dc17a4e80564caa175f7170dbedc1b40f704444520ae671f78a5d1f2b6d

  • SHA512

    3970adc72020194f93935fad2c17790170da7f0f4444e2bfc402f9924fdceaa4b6443e9871c3b8cda24089b84cbdcf185f0d31238c0be93c58e280cf36ab71a7

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\update.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Users\Admin\AppData\Local\Temp\RDPWInst.exe
      "C:\Users\Admin\AppData\Local\Temp\RDPWInst" -w
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2020
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4308,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:8
    1⤵
      PID:3828

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2020-0-0x0000000000400000-0x000000000056F000-memory.dmp

      Filesize

      1.4MB

      Download