Overview

overview

3

Static

static

3

RcoOPT/Rco.exe

windows10-2004-x64

1

RcoOPT/imgui.ini

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RcoOPT/imgui.ini

  • Size

    103B

  • MD5

    0f0cf08c4aa00711fe2bc8ae15d0f6d4

  • SHA1

    554440ade598cc0bd80fd5ed5d97812cd6ab10cf

  • SHA256

    3ea0d7c62fc18bf7c7c673f489565719a263206233bf971aeb9fa265d2c75950

  • SHA512

    1022b097da7f0df8a2a6051c0cf36acb24e9972bddd1d69402c0ed3167801d3e9f8d53f38e578fdce8903f996ea5c695a2d1b0213e5099cf3ed3a1413a3ef9d5

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\RcoOPT\imgui.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:544
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4152 --field-trial-handle=3016,i,1323102786462900035,7687994236215859601,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3784

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads