Analysis
-
max time kernel
141s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 13:15
General
-
Target
RGSS202E.dll
-
Size
832KB
-
MD5
73b5e408ef0b2a8d498107448ea119b6
-
SHA1
4623ded035d009a3a7a975035e2bd505386d6b11
-
SHA256
3f8ec6209a117ad6ec24eb748b20631b1b09ee65566e2b98fbe5a7021967e40a
-
SHA512
b4f4fdc318c231c5677910c43f0da45ad2fe9d333fd89b9912794b890fc4297e6201c6ebfd90b8459cd6130809e05229ae7e0a9119bebf6298f20fc6ad2c81cd
-
SSDEEP
24576:nyctOF+OJjkh/cR5vmEhuBFm62+Ze3JWPCVBO:pO0i+EYBXzZJiO
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Program crash 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\RGSS202E.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\RGSS202E.dll,#12⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 2723⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2604-0-0x0000000010000000-0x00000000101FB000-memory.dmpFilesize
2.0MB
-
memory/2604-1-0x0000000010000000-0x00000000101FB000-memory.dmpFilesize
2.0MB
-
memory/2604-3-0x00000000101D3000-0x00000000101D4000-memory.dmpFilesize
4KB
-
memory/2604-4-0x0000000010000000-0x00000000101FB000-memory.dmpFilesize
2.0MB
-
memory/2604-2-0x00000000001E0000-0x0000000000215000-memory.dmpFilesize
212KB
-
memory/2604-5-0x0000000010000000-0x00000000101FB000-memory.dmpFilesize
2.0MB
-
memory/2604-7-0x00000000001E0000-0x0000000000215000-memory.dmpFilesize
212KB
-
memory/2604-8-0x00000000101D3000-0x00000000101D4000-memory.dmpFilesize
4KB