eecc7116c5730d44a829ee1e1d91cada1e9deb98122b358503e493aa5e60087a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
23/01/2025, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe
Size

482KB
MD5

e27c32776702de27eebe7c57d9f588c3
SHA1

53d540479ae70df2a8fa050c5a242a1025fbe597
SHA256

eecc7116c5730d44a829ee1e1d91cada1e9deb98122b358503e493aa5e60087a
SHA512

379d8b178d0642c679ca619845d19bd5ff340f7bb5dd2c279278855c953f3547776d31b826ae0bf0b4527baaaceb61bbefb297890a5c173d8524e19bcf63091d
SSDEEP

12288:x13ak/mBXTG4/1v08KI7ZnMEF76JqmsvZQwS:jak/mBXTV/R0nEF76gFZH

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2692	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2396	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2692	2396	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe	32
PID 2396 wrote to memory of 2692	2396	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe	32
PID 2396 wrote to memory of 2692	2396	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe	32
PID 2396 wrote to memory of 2692	2396	1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe	32

C:\Users\Admin\AppData\Local\Temp\1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe
"C:\Users\Admin\AppData\Local\Temp\1737648608d6e5c4bff7f57356e0f8f21179cf1963e8689a7a7b90f7e9eee58abb2e0511df554.dat-decoded.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\qhlzybrvkxmfpjihmhzaljwzovajfwrlni.vbs"
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat

Filesize
144B

MD5
91823113fc0439d52600c76376419001

SHA1
e104d9a4936217820c1a2b6c3448dde603b3841c

SHA256
bbbcab5a14b54e47641afe7c4b31c009c293a168535731a80ac900fe35c3723a

SHA512
0e75e02f908a0a2220f794ca572db5a2a1d7dab1a1cde1c38ada5e2a6750ae68b29e2f8924559ebe0864c8be4073a9fc6e240c4f347989e19db0817dedd0c48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\qhlzybrvkxmfpjihmhzaljwzovajfwrlni.vbs

Filesize
828B

MD5
d3f6752db373b7e25bf6d4ed679c1cc5

SHA1
111c25fb81f6726e76470643db1adf46c048b9dc

SHA256
c5d0ca6c848e8ffb090f70b40a14d1841e087175077fdac6d7e8b9d4d6989a60

SHA512
5cccd41a55ae1df0c576ee7016f128cb6b1049148cc6de2eb7220330da43a631410568215b67f3d10de23b8dec7358f82951704e1056083fbd049823f1b144fb

Download Submit