Analysis
-
max time kernel
430s -
max time network
434s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25-09-2024 18:42
General
-
Target
rk_free_setup_301.exe
-
Size
1.8MB
-
MD5
3935c389ed8451df43c021cbb8dcd740
-
SHA1
10810b87d883c4a006f4499d973610b95c14c2b6
-
SHA256
d2ad1908d041d0b2b09d2ffb68d98881f0aff30b9055c6670aa623587ba35224
-
SHA512
e4f23c3acc3bb68beedc42226ed94c6cf27cd8ea42a8ad51c290b25110ae7accee90f4ca4a80a4908d2da043ca55e0be517bdfb00bc59697bb7ddc8cdeb1ec05
-
SSDEEP
24576:8KUExvA9TdrqkCdrFfzsUtCDWGFvR/AifP03FfzsUPWZCs:8+QkdFboaGH/f0ZbPWZCs
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\rk_free_setup_301.exe"C:\Users\Admin\AppData\Local\Temp\rk_free_setup_301.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"C:\Users\Admin\AppData\Local\Temp\rkfree_setup\rkfree_setup64.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
967KB
MD5521f2a5c686f718e3ca2dca5f4af2b49
SHA10d26e7d1541dff2e922b18c3ed5556f9f05e85d5
SHA2567444dc7f026376291df6bc0ba8a1ef4a97b22b7efa1ff446e8b7ee83814f0533
SHA51244fc79ad4c8ffe2197aeb3ea28fcd15412f707108e8b8b576b35fe38f9e8626f23b3983a9713ea161a4397c25d0329d1b0113417706500ee565e029dd3b31bd7