Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 10:19
General
-
Target
3.exe
-
Size
1.2MB
-
MD5
e5b5f2acaac765e2a1f16de186a311c4
-
SHA1
ccd6b160bf08351066de9b2514485fc831c5a99d
-
SHA256
c09eb8a1ab2aefadcbe898040b91f19035a69f38c3c4e5bde1c8aa11da2c9589
-
SHA512
fe7e5ffff19d5e8ae5465841c106f9f379019bf5779857120d59acddc1f3d22b4f75e1be5fdf585e85c76f19d5248168056eeb1e113d634dd3f2ff62fc4f8b95
-
SSDEEP
24576:xAHnh+eWsN3skA4RV1Hom2KXMmHa3xWgTaqeZHLJWHC6JBnX5:Ih+ZkldoPK8Ya3s02Z1WHCOBp
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
WDPTR
C2
www.dpm-sael.com:2017
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
WDKGB-9QV8JL
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3.exe"C:\Users\Admin\AppData\Local\Temp\3.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB
-
Filesize
520KB