Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
11-01-2021 07:08
General
-
Target
Scan_order.scr
-
Size
76KB
-
MD5
04be7ed51e345a56403df4657b376990
-
SHA1
44f5fdf6902d114524afc110cd927f95f72903fa
-
SHA256
ab77af2c0fe4a39b3e2ec7b7450ef36999baf7c66316f4b3934d5a60e124d50c
-
SHA512
0b71a26ad38bbc0c1fb37854f636125012cfa6177afa1de4291756e5bdbe3bc07df157a1eb4ba7c3ee82055ece44ec21157ff14a6d66df14b0a720ad410afd21
Score
10/10
Malware Config
Signatures
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Scan_order.scr"C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S2⤵
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2752-5-0x0000000002CC0000-mapping.dmp
-
memory/2752-4-0x0000000002CC0000-0x0000000002DC0000-memory.dmpFilesize
1024KB