Overview

overview

10

Static

static

10

remcos_a.exe

windows10-2004-x64

3

remcos_a.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    91s
  • max time network
    204s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/10/2024, 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    remcos_a.exe

  • Size

    469KB

  • MD5

    c6ce3d8923e9900a5ff06bc6a7688969

  • SHA1

    2ce144292f267fb9ef35f5d9ec3ba0a0b143d6f1

  • SHA256

    6e5156ce390a7a11e05cdc6fc3ea854ba42618cd3cd37c5308bf807f2fd1d794

  • SHA512

    041f27f7c4fe1dca343370cec2ae5f7d5e8a7cc799f86476ee69a78fa328439317838b7637f614c5d382eb44b6817c9b5a42034f109548e0f32c9cd650b13a2f

  • SSDEEP

    12288:omnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSZn9:YiLJbpI7I2WhQqZ7Z9

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\remcos_a.exe
    "C:\Users\Admin\AppData\Local\Temp\remcos_a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 560
      2⤵
      • Program crash
      PID:2528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 800 -ip 800
    1⤵
      PID:3444

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads