Overview

overview

10

Static

static

1

CareAbout.exe

windows7-x64

10

CareAbout.exe

windows10-2004-x64

10

HTCTL32.dll

windows7-x64

1

HTCTL32.dll

windows10-2004-x64

3

PCICHEK.dll

windows7-x64

1

PCICHEK.dll

windows10-2004-x64

1

PCICL32.dll

windows7-x64

1

PCICL32.dll

windows10-2004-x64

1

TCCTL32.dll

windows7-x64

1

TCCTL32.dll

windows10-2004-x64

1

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

pcicapi.dll

windows7-x64

1

pcicapi.dll

windows10-2004-x64

1

remcmdstub.exe

windows7-x64

1

remcmdstub.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    132s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-09-2023 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    remcmdstub.exe

  • Size

    53KB

  • MD5

    fe8978aeac17836d0b99c3edb88de357

  • SHA1

    d7320274619baeb175855406d1027d02f845fb6c

  • SHA256

    577927563589c3c9d05c510bce5f3cd9a55ea1de155e50e87c066bbff290a6fe

  • SHA512

    68b6c647b40f071a602dcecd580232aca8434c7338837debda9d1ec37776415f680ac184ffb1497c93caa7353276d41d5df77538e004c1ffd168217df2cb5262

  • SSDEEP

    768:vehWO78043LHCTPQuw/T3cgCsMl2PLLW/bC:vAb43LuPQFTSl2PLaTC

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\remcmdstub.exe
    "C:\Users\Admin\AppData\Local\Temp\remcmdstub.exe"
    1⤵
      PID:5088
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k netsvcs -p
      1⤵
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:948

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wsu6387.tmp
      Filesize

      14KB

      MD5

      c01eaa0bdcd7c30a42bbb35a9acbf574

      SHA1

      0aee3e1b873e41d040f1991819d0027b6cc68f54

      SHA256

      32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

      SHA512

      d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      9862a37e19c4b15d8c0db4aa80b63fc5

      SHA1

      316523e8437906206fefb2e62cd23fcdf736849c

      SHA256

      ea891270a41e65e58bd54a41c50856e6bcd7175ddfb892f2f82969d259c7deee

      SHA512

      df32291b39795d7d53c4cc30df142eb1f5eaeb74ddee45eab1e72ed745ee98a4d6a72c8b7d42508e3e168dad500ae76a95f413ccfd8ea39bbc84132f724cd756

      Download Submit

    • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat
      Filesize

      29KB

      MD5

      4ef2be90d2df544eea13feb36b752df8

      SHA1

      4c5efd2b2ac5dcb91ac42713599ba3202a4b7928

      SHA256

      eebc3efabc25abae6e0ed53b9a1294d3c4bf5be0bdc9dda0334dce2c96d54f92

      SHA512

      67ad582efd997b3959c28d75bf754dc44c58dcd6af4e905f4a842e41b34a2d39babf7f68205fb9ff570466f7910693e1e5d6fe2e9dd9ef69fccd880e357d4534

      Download Submit