Analysis Overview
SHA256
c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8
Threat Level: Known bad
The file c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe was found to be: Known bad.
Malicious Activity Summary
Remcos
Drops startup file
Executes dropped EXE
Loads dropped DLL
AutoIT Executable
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-19 17:14
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-19 17:14
Reported
2024-07-19 17:17
Platform
win7-20240704-en
Max time kernel
150s
Max time network
117s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs | C:\Users\Admin\AppData\Local\directory\name.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe
"C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe"
C:\Users\Admin\AppData\Local\directory\name.exe
"C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe"
C:\Users\Admin\AppData\Local\directory\name.exe
"C:\Users\Admin\AppData\Local\directory\name.exe"
Network
Files
memory/2544-10-0x0000000000210000-0x0000000000214000-memory.dmp
\Users\Admin\AppData\Local\directory\name.exe
| MD5 | 350dbaf45daa47766afc3eaef7b38f86 |
| SHA1 | 7f2bc96fad2413d980c91d1ab7f4827f1efde473 |
| SHA256 | c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8 |
| SHA512 | f07144ec25a18901af039469a10f45179d23395a0a1aff9e639a970c3d3f607dcc20c1cc268fd7d9c9c3c1dd018f8fa8e967e83dfa7ce27eb5b4f7cc37736455 |
C:\Users\Admin\AppData\Local\Temp\enterogenous
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\ambiparous
| MD5 | 9a24311e45aa35b437fad58ca6e897b8 |
| SHA1 | 903c2992f28907ee5ddd3f9dadb10674e3748d98 |
| SHA256 | c0ead61105f7498bda3bf388df5f30b42c3b95951fea8172274b4c9fcb6a25e9 |
| SHA512 | 726a58793cbd5a0f242d74cab9adb5efa6c383a2d7ef483a6f6728de268126f02e3eac8b0edd85728c08d0e6509c93aaacdbdd8ac4986dbc1d88f7e1c9138736 |
C:\Users\Admin\AppData\Local\Temp\aut9000.tmp
| MD5 | 67b2c36f30dd1c108b280242bd4bb082 |
| SHA1 | 0dee37739297ca6680ac9afcb4f9bf9574a883aa |
| SHA256 | ffc2208de4bf6d55235891c7c76b6010fedcca3d0e36d9066c1fb9cd1f16bc53 |
| SHA512 | 39c9bcd246653ad0f789c15ab2b5bdb64812f730edd2f10cdc36a59bf8b9aa7eb490f88377e70bda582bd93faf16fd5b3ddaf6ba2ef750a04acfbbe527f11296 |
C:\Users\Admin\AppData\Local\Temp\enterogenous
| MD5 | 498e29cf6f03a7cf3f3ab04e4807d2ce |
| SHA1 | 776154b7217bffa1d7b95818c23c177cf97fe61c |
| SHA256 | 29fa9699b9a904baba841ddf8bf1e0cff4e1acef8c3797a611b8e8107d9fa179 |
| SHA512 | 7e5adc47a700a71ee4c33725be6294e6bcc44d4b21b62061f9b8537a2f7eef913bfb153ef8dc750105d0ce616fedb18b333f31cb3ea8fd745a149c18a07191a8 |
C:\Users\Admin\AppData\Local\Temp\aut9020.tmp
| MD5 | d20eb93b9eb669da8778d5e556cd30fa |
| SHA1 | 50235c1fe07698b8f4841ad0a1efadd912f5228a |
| SHA256 | 3e363d8cc9da2fd006efe4167c7dee504dce49d2b4c48a71d8e757196383a8ba |
| SHA512 | c536f43b249c9e2e27749ae18c8b8f191e70f4c07daf3de709bd37052c9296c67a17c6be53efa0d0d133e6038b66a87b606cd985e35492237d6592644fadc932 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-19 17:14
Reported
2024-07-19 17:17
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
146s
Command Line
Signatures
Remcos
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs | C:\Users\Admin\AppData\Local\directory\name.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\directory\name.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4948 wrote to memory of 4224 | N/A | C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe | C:\Users\Admin\AppData\Local\directory\name.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe
"C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe"
C:\Users\Admin\AppData\Local\directory\name.exe
"C:\Users\Admin\AppData\Local\Temp\c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 22.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bossnacarpet.com | udp |
| US | 173.255.204.62:2556 | bossnacarpet.com | tcp |
| US | 8.8.8.8:53 | vegetachcnc.com | udp |
| US | 107.173.4.18:2556 | vegetachcnc.com | tcp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | 18.4.173.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.33.237.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4948-10-0x0000000000B30000-0x0000000000B34000-memory.dmp
C:\Users\Admin\AppData\Local\directory\name.exe
| MD5 | 350dbaf45daa47766afc3eaef7b38f86 |
| SHA1 | 7f2bc96fad2413d980c91d1ab7f4827f1efde473 |
| SHA256 | c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8 |
| SHA512 | f07144ec25a18901af039469a10f45179d23395a0a1aff9e639a970c3d3f607dcc20c1cc268fd7d9c9c3c1dd018f8fa8e967e83dfa7ce27eb5b4f7cc37736455 |
C:\Users\Admin\AppData\Local\Temp\ambiparous
| MD5 | 9a24311e45aa35b437fad58ca6e897b8 |
| SHA1 | 903c2992f28907ee5ddd3f9dadb10674e3748d98 |
| SHA256 | c0ead61105f7498bda3bf388df5f30b42c3b95951fea8172274b4c9fcb6a25e9 |
| SHA512 | 726a58793cbd5a0f242d74cab9adb5efa6c383a2d7ef483a6f6728de268126f02e3eac8b0edd85728c08d0e6509c93aaacdbdd8ac4986dbc1d88f7e1c9138736 |
C:\Users\Admin\AppData\Local\Temp\enterogenous
| MD5 | 498e29cf6f03a7cf3f3ab04e4807d2ce |
| SHA1 | 776154b7217bffa1d7b95818c23c177cf97fe61c |
| SHA256 | 29fa9699b9a904baba841ddf8bf1e0cff4e1acef8c3797a611b8e8107d9fa179 |
| SHA512 | 7e5adc47a700a71ee4c33725be6294e6bcc44d4b21b62061f9b8537a2f7eef913bfb153ef8dc750105d0ce616fedb18b333f31cb3ea8fd745a149c18a07191a8 |
memory/4224-27-0x0000000000A20000-0x0000000000B6A000-memory.dmp
memory/4224-29-0x0000000000400000-0x0000000000482000-memory.dmp