1a34bba303197eade878b483cd8b02c2bd6bd2af9d5ec501bc61b4b318704f0c

Analysis

max time kernel
110s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RapidTyping.exe
Size

1.1MB
MD5

f2386e14811799117ee1eef3a8bc8c16
SHA1

1eb8f4429e06d54ac2f4b637932ccbcc4181f4f2
SHA256

2699ff497242919318d71f963c2ba7b818bd7ed0edc4815c844e0ae6d8c00b6c
SHA512

f28a8ef01ccfd0a99f506ae0e10b956377b25c069953101bc21b3ac3b73c6b7fe6de2fa68bf6e0b959300fc006011dff3140ff8bd4a7f6ac627a7269e6edc188
SSDEEP

12288:yIOiKNZaXmgkbs9oOQ9YmsY65a4VfK8GIU6w5DvBmljKXjk2gD9jPDcxT6qPk2ki:yIOiKNZGmgoiW5DvBGKXjI9jPDoT6m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RapidTyping.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2108	RapidTyping.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2108	RapidTyping.exe

C:\Users\Admin\AppData\Local\Temp\RapidTyping.exe
"C:\Users\Admin\AppData\Local\Temp\RapidTyping.exe"
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\RapidTyping\rapidtyping.ini

Filesize
227B

MD5
51d07ad397a3ffdc3bb9c1f197f30d60

SHA1
a7118ab2836301f650a997ad8596081c8314dd64

SHA256
df15ba7c1ba8dd89464f8d27b0f2c6b2977ea2961d4ac4fd3d45b6c4bb8f77cb

SHA512
7771e78e03172c03e70c5e97d0579867daea7607b0580cb804c928382c31bea17caccaff511db761e60bb229c298b98c49f68c3fcd599a1c8f750174f89b48c8

Download Submit
memory/2108-14-0x0000000062E80000-0x0000000062E98000-memory.dmp

Filesize
96KB

Download
memory/2108-13-0x000000006B400000-0x000000006B485000-memory.dmp

Filesize
532KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads