Analysis
max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
14-05-2024 07:24
Behavioral task
behavioral1
Sample
remcos.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
remcos.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
remcos.dll
Size
284KB
MD5
3af6027d8bc971d8d6892010cbd28687
SHA1
3ce1aa65c5e8935bcfa66ae550e410153f690b35
SHA256
0416c5d3a1699a45cf6651c931dc5063a1e1a00f4c3847dd7876a9c9b90ab2fa
SHA512
e6589fe57a6068ac2fa9ca2b8169295f854f2abdd3809a3369c306e603e78a9641706fefc9947d2125d43742c7161383860f0ca61f3f91a878e3f2ca5e848ff0
SSDEEP
6144:YQ6PpOjD5gP+GGFqCl8VabJO2NRPS1AnWlnrE/HFuilU2pnd1hPWnU0f79u2tghz:6OjDmFA8uEe42lhMMw
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe
PID 2424 wrote to memory of 2444 | 2424 | rundll32.exe | rundll32.exe