Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26-12-2023 06:12

General

  • Target

    58dc1cfd317058134777f77f86f62592.exe

  • Size

    456KB

  • MD5

    58dc1cfd317058134777f77f86f62592

  • SHA1

    22f19ee32e81d180be5c4e824d359456df811293

  • SHA256

    12a0e61c40e9664cd768c55b50d204e038067e9dfa34c04d0170426565eb2d2c

  • SHA512

    0d6984b84336c189eb590ae870b5a50ca81f3d90a7fe97ffdbfab9569b841711475054d6c1ea6e592ad9ae45e14ff70efcfd7c10effb865843a5e79b9a4be0c2

  • SSDEEP

    6144:cc53ezqVrhiBZ84M/k22nZcrTEfCNV0cjd2shWR5dhTAOZZ8jXCSrcDCu:n53ez1HzMc2k0EKNV5dlE//Z8eStu

Score
10/10

Malware Config

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58dc1cfd317058134777f77f86f62592.exe
    "C:\Users\Admin\AppData\Local\Temp\58dc1cfd317058134777f77f86f62592.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4024

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\remcos\logs.dat
    Filesize

    148B

    MD5

    d4d269096be585085d87f896a10a6156

    SHA1

    8f6a3ebd8bca8fd43564960731b54455c7dc4bb8

    SHA256

    379ed8f4060a3705875a92b33851cc11a8ae29372ac184d15974b916f182a58d

    SHA512

    2daf2d0e0fc1deb5be11fd598e108b1bfacf8c5cb58a20b47ab8e6fe81217e745078ba37940b9f1df4e723c1f3e989ff4b7524ebb720311fb76d8589f566a45b