Analysis
max time kernel: 141s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 04/11/2024, 01:16
Static task
static1
Behavioral task
behavioral1
Sample
rscat/RSHappyHourChecker-EN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
rscat/RSHappyHourChecker-EN.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
rscat/Readme.url
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
rscat/Readme.url
Resource
win10v2004-20241007-en
General
Target: rscat/RSHappyHourChecker-EN.exe
Size: 734KB
MD5: 3d18e78529946fd55896458748c1d711
SHA1: f55649d723d6138e74a8a0b98a5b17c1d3f53c10
SHA256: 59acd349f79151186d58189344d58b3baab92725b2d7f9915ce341dd8ec81fd7
SHA512: 68c161704a233d21b16d66be2a831c7183d3c727e1830b0aec29a26ca3b71528bad25d7f4dae995e55b03505f11fdb03e5780a0e7ce3c6b583bcb1d9e893a0f6
SSDEEP: 12288:32IcGX9fzvl9F/v5dC3hN+WHjcNotqBry6EvEP8xzVgv2Zz48:37tBjXFaxN5jcNlZXLkxzVgvcz
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: RSHappyHourChecker-EN.exe
Suspicious use of FindShellTrayWindow (8 IoCs)
pid: 2688, Process: RSHappyHourChecker-EN.exe (8 identical entries)
Suspicious use of SendNotifyMessage (8 IoCs)
pid: 2688, Process: RSHappyHourChecker-EN.exe (8 identical entries)