Behavioral task
behavioral1
Sample
3944-190-0x0000000010590000-0x0000000010613000-memory.exe
Resource
win7-20230220-en
General
-
Target
3944-190-0x0000000010590000-0x0000000010613000-memory.dmp
-
Size
524KB
-
MD5
02348119fe38d05a1d8b351bf5ff4eff
-
SHA1
10bbd8e716c925d018f176cb70b17c90128fe73f
-
SHA256
e678a3d8be0cf692b30c2ff5f5bb05a4be8116ddbdc67e0ecd20dd5a409aec02
-
SHA512
ee4e24559c6e34fe287a871cb6c516fe6bfdcdfeb6f5e9cd178a15bde7d9bc82177fc252669d9cadf59044acf2c9b8fa98a80381951e79006937d5a36d134f41
-
SSDEEP
12288:FX8/Vx65HCnDAByqulR1fZJQGs/Z8oRq:K/Vc5HCnDABMfZJQNZ3
Malware Config
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3944-190-0x0000000010590000-0x0000000010613000-memory.dmp
Files
-
3944-190-0x0000000010590000-0x0000000010613000-memory.dmp.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 479KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE