General
Target
doc_07621DERG7011220213300.exe
Size
1.1MB
Sample
210502-6jrbgd9g7a
MD5
3295f12e797cd867575617f57c091b42
SHA1
e399c5bc013640afc56f21e19f45e971696f92f2
SHA256
210d63272f04545a7b964c5712b0157a9e9801500e063a15ecee4b2de2c87254
SHA512
a6e85e0f6095e00fd37af065c47892e025b59a0c63c62b3d33802565d5b2ca8c50caf0268a7fdd36b69847ecef2ae4e6a0e0310528b0de0fbad9cc6609831c8b
Static task
static1
Behavioral task
behavioral1
Sample
doc_07621DERG7011220213300.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
doc_07621DERG7011220213300.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
www.swqrn.com:16108
Targets
Target
doc_07621DERG7011220213300.exe
Score
10/10
Adds Run key to start application
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext