Analysis

  • max time kernel
    34s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    14-07-2022 04:47

General

  • Target

    1092-56-0x00000000003D0000-0x0000000000B08000-memory.exe

  • Size

    7.2MB

  • MD5

    e469d75e2009e5b6fb781f30d88ab6f2

  • SHA1

    6d63a40f294e75a7bfd6bb36fb0ed68fd889e322

  • SHA256

    dd26d901965e77451135ac1f02ce11311935ccc8359ae633ded1f8649a51eb80

  • SHA512

    e4b4f292ab43020c77754fd926e34bb53a25cbbd166175cc0ef97f3f6f876d98205053a9a3a31a6b10f6a02ca691faf60f5a6d1ab7df19d0bc36651f24d1afc2

Score
10/10

Malware Config

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1092-56-0x00000000003D0000-0x0000000000B08000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\1092-56-0x00000000003D0000-0x0000000000B08000-memory.exe"
    PID: 1796

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1796-54-0x00000000003D0000-0x0000000000B08000-memory.dmp
    Filesize
    7.2MB