Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
30-12-2020 16:48
General
-
Target
DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe
-
Size
378KB
-
MD5
291b17288e1b5919f9bf5173a3519cb3
-
SHA1
b88282c8e5a7546dd6363653bc68d1353163d3f6
-
SHA256
dcbd91d1d7361dc9b34c907f1d1d2677837ce29f6f3ab3f4994bb82ccce88dc5
-
SHA512
5fb634203786a7401ce15f55d433b19546a640747f9482f8a906464fca58b5e5d7696a618f721f32e0d73c02a256a74335803344b646891b0943303e122eba0a
Score
10/10
Malware Config
Extracted
Family
remcos
C2
jueces23.duckdns.org:1212
Signatures
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe"C:\Users\Admin\AppData\Local\Temp\DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"{path}"2⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1344-8-0x0000000000413E54-mapping.dmp
-
memory/1344-7-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/1344-9-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/1760-2-0x0000000074DD0000-0x00000000754BE000-memory.dmpFilesize
6.9MB
-
memory/1760-3-0x0000000001350000-0x0000000001351000-memory.dmpFilesize
4KB
-
memory/1760-5-0x0000000000560000-0x0000000000564000-memory.dmpFilesize
16KB
-
memory/1760-6-0x0000000000FB0000-0x0000000001006000-memory.dmpFilesize
344KB