Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-01-2021 06:20
General
-
Target
Qyyfrnva_Signed_.exe
-
Size
652KB
-
MD5
8f4286a5ec8f3abfb5d4c892f66c7cca
-
SHA1
3d83c34257b964adae2cba6029a7d4e5b6e2ceaf
-
SHA256
6f212246be3ab7db2cede2e87d8d465261ca8f44a86c7ca90cb8238bafed887f
-
SHA512
3df4484b9319aed2a9d936347d28495d37da42a7a105570aa0787ce86efdc0ea82310aa480fc2c4ce3373b8b88a008bd60d6f7ad40d90b4ca62f7e6654173bfd
Score
10/10
Malware Config
Signatures
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Qyyfrnva_Signed_.exe"C:\Users\Admin\AppData\Local\Temp\Qyyfrnva_Signed_.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Program Files (x86)\internet explorer\ieinstal.exe"2⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3136-4-0x0000000000AF0000-0x0000000000AF1000-memory.dmpFilesize
4KB
-
memory/3136-5-0x0000000000000000-mapping.dmp
-
memory/3136-6-0x0000000000BB0000-0x0000000000BB1000-memory.dmpFilesize
4KB
-
memory/3136-8-0x0000000000C10000-0x0000000000C11000-memory.dmpFilesize
4KB
-
memory/3136-12-0x0000000010540000-0x0000000010564000-memory.dmpFilesize
144KB
-
memory/3136-14-0x0000000000400000-0x0000000000422000-memory.dmpFilesize
136KB
-
memory/3928-2-0x0000000000640000-0x0000000000641000-memory.dmpFilesize
4KB