Overview

overview

10

Static

static

DOCUMENTAC...28.exe

windows7_x64

10

DOCUMENTAC...28.exe

windows10_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    30-12-2020 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe

  • Size

    378KB

  • MD5

    291b17288e1b5919f9bf5173a3519cb3

  • SHA1

    b88282c8e5a7546dd6363653bc68d1353163d3f6

  • SHA256

    dcbd91d1d7361dc9b34c907f1d1d2677837ce29f6f3ab3f4994bb82ccce88dc5

  • SHA512

    5fb634203786a7401ce15f55d433b19546a640747f9482f8a906464fca58b5e5d7696a618f721f32e0d73c02a256a74335803344b646891b0943303e122eba0a

Score
10/10
remcosrat

Malware Config

Extracted

Family

remcos

C2

jueces23.duckdns.org:1212

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe
    "C:\Users\Admin\AppData\Local\Temp\DOCUMENTACIONJUXGADOPROCESAL68584983243128.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "{path}"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:3536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/972-2-0x0000000073A30000-0x000000007411E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/972-3-0x00000000007C0000-0x00000000007C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-5-0x00000000055F0000-0x00000000055F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-6-0x00000000050F0000-0x00000000050F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-7-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-8-0x00000000086B0000-0x00000000086B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-9-0x00000000055A0000-0x00000000055A4000-memory.dmp
    Filesize

    16KB

    Download
  • memory/972-10-0x0000000008850000-0x00000000088A6000-memory.dmp
    Filesize

    344KB

    Download
  • memory/3536-11-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize

    132KB

    Download
  • memory/3536-12-0x0000000000413E54-mapping.dmp
    Download
  • memory/3536-13-0x0000000000400000-0x0000000000421000-memory.dmp
    Filesize

    132KB

    Download