Overview

overview

10

Static

static

SecuriteIn...91.exe

windows7_x64

8

SecuriteIn...91.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    05-05-2021 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291.exe

  • Size

    897KB

  • MD5

    9f910ba7ff05efd30eb1c2316bb488e0

  • SHA1

    3b428f5cf8b0c43b8b63bbaf728669a83f66458e

  • SHA256

    0c2f78458061b2e848305409a90351eff2c4c31eed1a4667b6366bfdc43ef52a

  • SHA512

    5f6300857bce04ef5e883bb219d3f2257acdada1c29cec9dff0d438a8190f784b0c7bde44dbe80adb7f28fefe03c9ec57d0300066bed46b838a91d92a3f7c189

Score
10/10
remcosagilenetrat

Malware Config

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Executes dropped EXE 1 IoCs
  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Kryptik.4625f314.19991.25291.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Users\Admin\AppData\Local\Temp\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      2⤵
      • Executes dropped EXE
      PID:3808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\svchost.exe
    MD5

    6bdb3091562e7dd2c877472286b6cc46

    SHA1

    122ecbb7a23dc98c61f319cfb060f3cbd407db89

    SHA256

    87e4144b3f50e9a0635ea6a887a20ef0d7b1321a79793f9fa965b8defbdef698

    SHA512

    219d646d5d514c705f801cacc736ca1027613d6612c1d30a8d4156143f5344b125a297080926912e7abf94a09b80cae157ac44773e84dd95946a9feb44b10e94

    Download Submit
  • memory/1016-124-0x0000000006450000-0x0000000006451000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-125-0x0000000004CD0000-0x00000000051CE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1016-118-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-119-0x00000000050E0000-0x00000000050E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-121-0x0000000004CD0000-0x00000000051CE000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/1016-122-0x00000000063C0000-0x00000000063E1000-memory.dmp
    Filesize

    132KB

    Download
  • memory/1016-117-0x0000000004BD0000-0x0000000004BD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-114-0x00000000002C0000-0x00000000002C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-123-0x00000000064C0000-0x00000000064C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-126-0x0000000006B30000-0x0000000006B3B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1016-127-0x0000000009130000-0x0000000009131000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1016-116-0x00000000051D0000-0x00000000051D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3808-129-0x000000000047823F-mapping.dmp
    Download
  • memory/3808-128-0x0000000000400000-0x000000000047E000-memory.dmp
    Filesize

    504KB

    Download
  • memory/3808-133-0x0000000000400000-0x000000000047E000-memory.dmp
    Filesize

    504KB

    Download