Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2024 11:25

General

  • Target

    remcmdstub.exe

  • Size

    71KB

  • MD5

    c6b00dcc026bc1dbb7bace7859e18414

  • SHA1

    bb83b12d3bb6c79d6b4c968de9b6e9f0ebf4beb7

  • SHA256

    82a5b0a5f16eb2045e74726cea1af7eda7ce93125f1d2480afeb168587928f55

  • SHA512

    5514496a21a07c6d03962df78a3a4ade54e6ffe8b2ebc646c016185251c95f0708bbf737377499acb7b31931e2bfb3b5aa94c34d269e267731bac85a8d2baf43

  • SSDEEP

    1536:WfanvXuNOwphKuyUHTqYXHhrXH4xLIygAo4wbioQ+E5sw8LQ+8iAG:ganPSpAFUzt0xLIygDiYQDG

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\remcmdstub.exe
    "C:\Users\Admin\AppData\Local\Temp\remcmdstub.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads