Analysis
- max time kernel: 102s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20250502-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/07/2025, 18:51
Behavioral task: behavioral1
- Sample: RC7_bootstrapper.exe
- Resource: win10v2004-20250502-en
Behavioral task: behavioral2
- Sample: RC7_bootstrapper.exe
- Resource: win11-20250619-en
General
- Target: RC7_bootstrapper.exe
- Size: 56.6MB
- MD5: 1140103e53e243ffd5be9682d4a43e57
- SHA1: 31b09327a889976a9238ca2aaebf607d26cd0d20
- SHA256: 16cb215f1898a877d2ceb3cd25c95f7ab2d77226e6e00be19df6e0de55f0598a
- SHA512: 238d6ffb6e4d84fc45cbbb3a3868b94f684f7ac93106382b43f9008cd7e396339cd50325d4aa03a4bb5c157426f4f31b984b26a21a962f6d8e434c78b9e2912d
- SSDEEP: 1572864:zjkmcC3v5Dhn3raIgJ40VG8kd+wTWv28BtRp:cmcg5Dh38J3kIICZbRp
Malware Config
Signatures
- Loads dropped DLL (46 IoCs)
  pid / Process:
  552 RC7_bootstrapper.exe (46 identical entries)
- System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description / ioc / Process:
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (RC7_bootstrapper.exe)
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (RC7_bootstrapper.exe)
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description / pid / Process:
  Token: SeDebugPrivilege, pid 552, RC7_bootstrapper.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  description / pid / Process / procid_target:
  PID 1564 wrote to memory of 552, pid 1564, RC7_bootstrapper.exe, target 85
  PID 1564 wrote to memory of 552, pid 1564, RC7_bootstrapper.exe, target 85
  PID 1564 wrote to memory of 552, pid 1564, RC7_bootstrapper.exe, target 85
  PID 552 wrote to memory of 1960, pid 552, RC7_bootstrapper.exe, target 86
  PID 552 wrote to memory of 1960, pid 552, RC7_bootstrapper.exe, target 86
  PID 552 wrote to memory of 1960, pid 552, RC7_bootstrapper.exe, target 86
Processes
- C:\Users\Admin\AppData\Local\Temp\RC7_bootstrapper.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\RC7_bootstrapper.exe"
  PID: 1564
  Signatures:
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Users\Admin\AppData\Local\Temp\RC7_bootstrapper.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\RC7_bootstrapper.exe"
    PID: 552
    Signatures:
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    Child process:
    - C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c "ver"
      PID: 1960
      Signatures:
      - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v16
Downloads
- Filesize: 88KB
  MD5: 81b11024a8ed0c9adfd5fbf6916b133c
  SHA1: c87f446d9655ba2f6fddd33014c75dc783941c33
  SHA256: eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829
  SHA512: e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1
- Filesize: 55KB
  MD5: b181ecfd9943d52c2411e6f41a7789b7
  SHA1: 84e2dfaba4b6a33bbac569731d80fba713a69e0a
  SHA256: b7f06a8c596c0b94582724b119eb2eecc336b3be0af98ec7bf47718bf7d8611a
  SHA512: 1e782d71f651c71525ede1c283afcc1f151f2efa6b738c8ffff213185efdc4c9b6e5544f451a44c73fd1291302be3cb839a2cc78a1c314225a2ff7bb72e4e34a
- Filesize: 79KB
  MD5: 2fc06a6cde650118889349377c7ba6c2
  SHA1: 91be761f490dc1252ed251dc601a03bc40dd628e
  SHA256: ac7aef2b562b2fa82878e937f573887eea00f78707284c93f2a3461261ea2a46
  SHA512: 159ce6efa55609c543ce7ce03e1f7a07105bb248feea40f766d188d1378247b6922d85da4411fb64f80eba8fbd58d35e916a7594625b4861f456d83600707787
- Filesize: 145KB
  MD5: b771aeaac785ca4d8bc5cfada862fe85
  SHA1: 3e72397a2ffbd6518104ca22c65c437ae80f8c7e
  SHA256: 70452cd91004c645e547876dd489500e54b4db9efeb1c7a1c0c9f4fad91aa016
  SHA512: 43f8b860618d15a8e1d77d000837448c3a452bac364d510671fa6e250165429ad6f2c66eed10d32ad81fe0b7623212e2784403867c8d066438303cfba065a515
- Filesize: 105KB
  MD5: 4fa9dc54e0323199a897f6cbe9319a84
  SHA1: 340a051b83c926c056945da59d2c9a2ccf1872b6
  SHA256: 26c4eac771a6761ba984a84898c852ba1daec564aff9ac17c93c66fc6af77ced
  SHA512: 0453187d3b6ed26b03c6882a0a7161fbce23c43d85b9eec41454b1444643708a74d0da52d4ec604b6820faf69be1930f0bee2f9cf4c42c8b7dd9a67a024359e5
- Filesize: 194KB
  MD5: 0121248137ecab7bdab3360fe4145d94
  SHA1: ef1a5c7d85a87bad747b9d1d7c9150a0ddd96cfe
  SHA256: 487519f1900fdb06ac2602c971a6c366db99dacfe5700a922d9e52883ebdc783
  SHA512: a05efada4bfb5d3cc3e23fc5087b1c8ed3a5d75385c56cac750f877872aaf2cf3c81b438730425762ff578f56e67ff0270b5204ae77d689a76cafd9281b292b3
- Filesize: 48KB
  MD5: 46dd1f59ea4f9a8c488a6de4d27d4d24
  SHA1: 22f151edccbcb294a131e68f81778cf5d99de7be
  SHA256: 08a409e49238c2eb72f495d6fea8fdfaf00a9419ab827cfec5abde45a44b1261
  SHA512: 9c188b8ce78459e53446e48dd6904b4e6e11ac4ca19369592488592107b21658cc391cfcd5b122b44b324b110d2e1fe34a895b087ed9898580b6dc0e94e43aba
- Filesize: 145KB
  MD5: 050b9b38adb74298daf0b238a1211c9d
  SHA1: fe39fd52721eea10ec68707ae6cdfbb71d538fc3
  SHA256: ec59abebd42a5964f777fcde67daddc70e8e62a6cc3f8f23e9dabb55c2def7ac
  SHA512: 1dd61caca4c35aa6243582058737b514ffabb5e66de87a2fdf215868dfa5a73f3ec5a87303ca2f9f801ed12695bf8adf7711f2cda361e2a584b26b1e0e3de235
- Filesize: 29KB
  MD5: 1295f0e7f230c2b94316b7842144c563
  SHA1: a80f65eb4d7ea28d21c22c7be05ce69f3930d600
  SHA256: 0cdebc939eba3fdc87d176ba19a9b3bccc72cffc75eb86a4db31502bda99c134
  SHA512: bed39a29c89a8831ff57a44994cfd3b9afaf3c3bebd0efbd74c2883f35457883cb59aa16e34c56471702dd8fba702e96ebec31bad1c74151e830f14399d840e0
- Filesize: 42KB
  MD5: d6c2774a64b78f3a56d13b3f70b6430e
  SHA1: 03242c583e0961d023ef6ac9c8c4c4fd0c1c469d
  SHA256: ccd51d638c322d371a6c2c193c17e755a1e800be261f0fb1f9c1f8f1d883666c
  SHA512: 3dfad90883b9dea5879da5031afdb34be6b83af095a63b370ae0e4a3499cabff3b896541c74a64e0dcf76e93b14ef4d955ae5f1af2ca37f2153fd470097e532a
- Filesize: 27KB
  MD5: b719b6351558e88cf2f80997a5b9625e
  SHA1: a89f17bae0fceb2e1eacc77dc7f5999660ef3029
  SHA256: 40ce67a85089da532c0f92cc52fbced063e5e56e3be511413f19d03872d09ad3
  SHA512: 2d96b03fb67d8f194a06893a3bf0fbcee2db44b6fb9e8717078b78d9c60954b9a241a3a264a53ad0c821ff41b83902acfebe0d9983a6d30aa6a213a51930a911
- Filesize: 67KB
  MD5: a32e57f24cb2f8c4c1f364d99cbacc00
  SHA1: 656a1659eb409e323607971989b009b171b8660c
  SHA256: 9a9f4208ec104f758dd625a40464160d2fef1d18d890697e557eeda4d3c91d3d
  SHA512: a93155c91f8a1a32d3c4a3b1d5d9dd2d528431f7b29176278faf330fe8ce33189bb0d49fcdf833e644c8ff7ae9c29ef5cd3945e51176c837d5cc00a97083e020
- Filesize: 88KB
  MD5: 3cc69ce01a030c8a12325fdedaa97f95
  SHA1: 05d1bd73a343c3a09066309ecf5870884e3cb9ee
  SHA256: 443b7c3fa234593e2b858d71a766b9e0c23fd6564a9329a5f3b73cfae3108931
  SHA512: 53e28c652147fc1fa7f491f4b09d75df7101cc0a728f775a3a07069fd82077852fd02cdf87ce1817d93275f477801b8d7701704b16281f1b1ea7842a64e973a9
- Filesize: 138KB
  MD5: 00fee46c05d400c2fc32b9dcdbf490cc
  SHA1: 2e7609e11757bbd6a9d55290ebccbcf347b178ae
  SHA256: 7145742a377f10e1a1bd8facdc2eca25dbd50f30603957dda0a369debf719431
  SHA512: 977aa7cc550d58f7667015990c7f27829cbe2fd6425209b7f16fa018062d7001ff30cbf53dd34d12125ddffd988b46b5ba23d27b39ee1302e36b4968737b69a8
- Filesize: 53KB
  MD5: fbc3ed92f9f44e609676264b9f6d644a
  SHA1: 52a28130411bb2bfb4c1cf8102fd39da71249ea8
  SHA256: 17dce8a3294f35ad7f83626a542d0a217ca32deeb1841503f33caa175c09ee9b
  SHA512: 700957cc61a8474588fbea42ba632957429e8bc14d5239179a7eacc573435a16ab243c3b5f66061aa08f1ce327b1e2ef0f8db84052d6208f8c9c4de27019a649
- Filesize: 22KB
  MD5: 1b72b7ff540ac17ec555448184d2365a
  SHA1: a5c1465207f773d4d2e3a3bb725e8381573fdabb
  SHA256: 4e0b4db6edac8daf257c26d5bac480769695ef851129380162ba001158b0cc03
  SHA512: 4f7035712b7c914a474f63b00c49d9d04d4457778f36515a0d1f8a7aae8ef6e113a9add660975ee6d77a0fe4cb1e6834b3419f6de6e87b8306af34dc38ad2c05
- Filesize: 1.4MB
  MD5: 5011d68fbea0156fe813d00c1f7d9af2
  SHA1: d76d817cac04d830707ce97b4d0d582a988e1dbd
  SHA256: b9e9569931047cd6a455ec826791c2e6c249c814dc0fa71f0bd7fa7f49b8948d
  SHA512: 6a5affde07b5150b5aee854851f9f68c727b0f5ba83513c294d27461546a5ef67bf6c5869fc4abdadaa9bf1767ea897910c640c5494b659a29004050c9c5d099
- Filesize: 6KB
  MD5: 6f043aff1edd20d3c9d6398f936fbf58
  SHA1: 7149d2d20e1eb8c10c5d2bdb8eda23551fc82650
  SHA256: 957a91bfd98ffb07a10cd789b7c5c46806568476b61e34c7ad56a00092b981a5
  SHA512: 7358dba479899dbc3afb955903820d2a7a54b9c398bf5d4565c8dc044241821edd621d7416862af396db4216373b1e8aac00eb78046fcc3cc2396aa02cd6947b
- Filesize: 2.2MB
  MD5: 4633d62f19c0b25318b1c612995f5c21
  SHA1: 50601f9e2b07d616fde8ee387ce8cdcb0ca451df
  SHA256: 47376d247ae6033bc30fee4e52043d3762c1c0c177e3ec27ca46eff4b95c69b0
  SHA512: d6a18e43b1a20242f80265054ed8d33598439ffa5df4920931ff43ec91f1ac2d8a3931913fd5569f48c9b1b9ea845d9e017ea23571a1ac1b352502a3e823eca9
- Filesize: 34KB
  MD5: 74d2b5e0120a6faae57042a9894c4430
  SHA1: 592f115016a964b7eb42860b589ed988e9fff314
  SHA256: b982741576a050860c3f3608c7b269dbd35ab296429192b8afa53f1f190069c0
  SHA512: f3c62f270488d224e24e29a078439736fa51c9ac7b0378dd8ac1b6987c8b8942a0131062bd117977a37046d4b1488f0f719f355039692bc21418fdfbb182e231
- Filesize: 539KB
  MD5: 8845fcf1ae2de1018daaaea01d9ba2d5
  SHA1: db67697ee052738e6f23cc1d29b261bef1d423e5
  SHA256: b7e16af3eff9ab0869cfe60c256394a70a867879b7f56544a724d6ac1ccfab88
  SHA512: 2792fe94dd35b594514c4fad091c9683ec47814335d046f776cd1f043c576533e99088949f1f1ae6814c16dbdda430ec53b2d64621ea0c818cadb91ec5e3a788
- Filesize: 57KB
  MD5: 4f9a814d7467afbdf400ca7bfff0eb1f
  SHA1: e108b0c7a37444541ccecd936f300273daa53ad7
  SHA256: afa05b0f8e47ef41cfa1035a77eb958f373b9ab742d9a01d69cddbb37961c51b
  SHA512: 46ed75fd12b492e83d79965a1e48c58428eed5d707ab19fbee840ff05e8223e2e058903ab9838711ac58800c78c9ca7ed42cf455df1fc8e858706f5275acae62
- Filesize: 2.2MB
  MD5: f13b548bd969dc725d97909ca09e711a
  SHA1: c5b4c5de29b0730e915aa5e3e44dabcb002f5f28
  SHA256: 033358a93e162d32e5d75239b7ac50afb13be4107f6c7aded112dd86d9c1cf43
  SHA512: b356a03d7409527a427fd224dc5d4372fe31fddc5b94f684d605aca065e17af022470e081d764c19ecb2a661119bad8f1501b44ad3151702a5a56b1983cade8d
- Filesize: 69KB
  MD5: de62841698ca4caeece572c7dfda5c46
  SHA1: 10a90c597c2ad7df5f00fedbc911070c6a0ebe31
  SHA256: 679abd3976a54a0169ca00cc748b4bb04478c3cd4412b1db72f12f19377b917f
  SHA512: fea985b6eb79da2d46584094d20ea1f0f6dba1df1ba6e5cf2df8ccf9388b234276b8815915f0c4996a60145deb275bf66239b2cef1153bd83eacf761d3651f3d
- Filesize: 1.2MB
  MD5: 76a718f53366fdf55cc4d478b6d8ad6e
  SHA1: 25fc98327974f1e1b6b1a4d234aebdfe8313ea14
  SHA256: 903dba91b3ef3ea326fe50eace9ba39e641bdcd1d976fbf8b93081456236e51f
  SHA512: 9ecf55ce282f0c418083b78c283007f4b672842a35b2a98d7cc09be5e19e430b59a8245935798bfb0b71052184f3e1a7493ddbb455fd7d3ab21b2cce3748d4c5
- Filesize: 143KB
  MD5: 711058c19968d41ee38a68a0598371a7
  SHA1: 20d5d7699a12f0973ff2c5d96f137723a0ec1a87
  SHA256: 0fdf35272ed326da968c206d1a06c9ace03a4a628b56f81fafa6eb49e2400cb4
  SHA512: 02b7014061b44da5c23693a8274d33353a08bb57ebe055b6afd8bccf970c207bce94d36df0bec590bcfe59f3534b7f5bbcc86ce2fdf47c341514f4c38c6b5567
- Filesize: 552KB
  MD5: d4234a801e201514250cf03763d19b3f
  SHA1: f260709a9e285ae6429ed6796f3a2cccc334a5ca
  SHA256: 8c19cc5fd3faf7a5442b3a64f0ffd0593c48a4517e16a3cb52ce61f802dbe9e5
  SHA512: e3ea234b691d82ddd37bac5ea6013a842f2fb109d84837696157df5aff86c54cc0db68c2e02df2fb5396d17df16223d68fb02a4abe6f211836cc0ac1f5fd27aa
- Filesize: 166KB
  MD5: f9e45cf1012c3b13aef55f57236ffde0
  SHA1: acf9f160ef3a5301dffbe7214f617a91cc6426fa
  SHA256: 55cba4f773a647fb71eece4219a5f1b42d27408cbf0966ba1e2b6ec23489c4db
  SHA512: e2c3b79d474b65863c46a081daf35d6e8513ea6c741a40e026ea9aa4c5f5075dabde5a0eb25519b748b3b8b1bc54bc785732665a3fc69fb121d6e93f91659cb7
- Filesize: 65KB
  MD5: ae7d6f03d25882102e6105d2dc6fc4ff
  SHA1: b22ec90bd249ded56b777c257e2bbbabbdf02093
  SHA256: 23d320f0f783388b0fb34a0881f132db6d411cbfc6e91c5067d545051ca2e34e
  SHA512: 6d0b2d41c3574ef3eab4600c5b8df0a594f51ccc5fcc0303df863077de3893aff92724dc1070b21b6f0b7fd79e79a9da5b76ef24d6ce6bbf1c036237f0ddf32d
- Filesize: 4.7MB
  MD5: def4ea379d93137a0508c82395508689
  SHA1: 84b9a570d2a4fbebb6e365546071d6c84d8183b4
  SHA256: 9eb062b9b4f820473a73f54729347c795acfc03a5445886dbf0ba741d95fa1b2
  SHA512: f4b1301f26e81bd27dd8f415bf75eca79388d28824d77fe21bdc79d34fe706bfe4c1163e76162b21c160551e5ebd6fffe9f7d45c520eba9a74192141b21517f2
- Filesize: 532KB
  MD5: d0be5c51547e2364087e1ca19b056640
  SHA1: 197eec00233af7f9c16cbc913ecf99333fc21168
  SHA256: a81936af2e8a32f3cffb24f59c0329ea2b88425d68d2e92daa18f3a1f495007a
  SHA512: fb39b34a3163478ca6176d6fbeb0de61f4182641c400875e696dbf0dde9d1e87f0b8b8c84242ee04b3692a6cde70077af85c88ff46a7ef821fc1d113a252a130
- Filesize: 108KB
  MD5: 0316bb8d31637b3f7daa30f2a8eb95ad
  SHA1: 724a49a06ce5f27a6cdaf322bce442538b305b9e
  SHA256: 4bd30a9c50a1391e89937547a198559275ec366b889995cee43285cb5f2cc7cd
  SHA512: 5bda3a9f6489c114f06c760499e6d7ef858c2cbb79c3eb0f9be87d51bdd58e2f1b4e8330c388c8ad3b82c60d85ffa619f79112cf06e08d6b3d9baddbd9e86da8
- Filesize: 26KB
  MD5: b30623041961d4469dd94ed9b3568f50
  SHA1: bfe0ef4f958072909e0f62b9a4773bade69aa290
  SHA256: 06769dfaf2dd5bcf8dfc97c1d2c8073a9df5f266c1616569b1ee69e0ccef53ed
  SHA512: b9ba0dc44b3feea8af7da9b8e339e04a815d3f9438994bba3f61d0b6d30362a7cd9ebe330eb05857f27585bef84b64b4d22c48b770f026ec74e7d7dec086b4ec
- Filesize: 1.1MB
  MD5: d63da989797940532da943fbc0dd40d4
  SHA1: 583cebfda35d34ec209f8923af12fc3b3c307956
  SHA256: 41f6a03a21600d08887fbd3e29796003d5d54e5d16401d9e35b950b5240c6424
  SHA512: 3e677bc1886234e38a4a441060bee7727b7a6c13e001aac6d8b4d032da5ab04ebdd09410854cdf73969d9d04de16175aa9bf68ee4c9e04b9c6578fbc322c85d0
- Filesize: 1.4MB
  MD5: d99809b3282ce68bffc5ee22ff7f78e3
  SHA1: 9608d2e0d5c8f786ad8e6d74fb8ec0592700e860
  SHA256: 7ed409592314926d14c5d1663fce0701d1b0a2bc6d0360bfbe4014efd230f7df
  SHA512: 8492114f53f7feab88c3ea414e248a83db779e8c31c1289fece4085b9e916c6a189ee6a058a9dbca3f84b053a873d9ef6832673cf1df787a20bf8a15e5a28a66
- Filesize: 1.2MB
  MD5: 2d22c933ab895730b49058514ac16a5f
  SHA1: 86a589ea7a942f9f09adc99e037ccb7bfabe28e1
  SHA256: f37b85b38f04303a1394c95dd2e67f08efbde1bafd9bfc3b2403e171bf5f979b
  SHA512: 5d697895c728b3c5fb4a2d16ee5bde3b9644365af8b35dbc221b01ed3462896f8d8c8fd5fa946ce7f1a65d0f561b7d0fc18befb9b3257b3728bc99cdf58973c4
- Filesize: 1.1MB
  MD5: d5ca03943b8d79b2a1dc60670cda714e
  SHA1: e1aa7de9c1209d564bb3c08f96bd8e8ef7a9e083
  SHA256: 571ff760dd77862a5a88a83f8fc53d17d6d87a56f3ba27939d196cb304c33c43
  SHA512: 144518c64fc27ffb5dbe4cfe61f6826372aca1101303442aeb68c2c0bfef5c00af70a603aafbaa9e8f368f79c9f8e884bde44b5b29c7983bf5956da5246ae540
- Filesize: 105KB
  MD5: f1e081cea8f7e74108f2b349db6720c5
  SHA1: 09069aff6c3e5f6e02cb3c7a4225df70a4d50771
  SHA256: 38d60f796401e5139e5c703a241bb202b89233946a35b8706d1ceb32da5c2a86
  SHA512: 8207fa7373386d46ebf1942dfe8edd2969021d7658f6ca6ce99c7d9dd4c424a66a5084728e4c6ce4a9c7f233f1ec5c83b521dd62f3d7be15d596b994ecee1f5a