Analysis
-
max time kernel
136s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
22/03/2025, 20:11
General
-
Target
37cf1e299ce987a99ecb7e1064a7460321af4f732edfe87c0ccd20405d200bb8.exe
-
Size
92KB
-
MD5
6b432fe0187a20895df23ec7d3d352bf
-
SHA1
73e8715b770b762b442e27c21da750fa6127d00d
-
SHA256
37cf1e299ce987a99ecb7e1064a7460321af4f732edfe87c0ccd20405d200bb8
-
SHA512
809309530ea7cb6a63e4a9cd69ba044522e87514c32805304f2733cc691b2b18b87ccdca212da058a9045cad38da01ebfaa6a5e699b12ffb2d47202d45d3b5ef
-
SSDEEP
1536:ohhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP63rv:uhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+0
Score
10/10
Malware Config
Signatures
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-
UAC bypass 3 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37cf1e299ce987a99ecb7e1064a7460321af4f732edfe87c0ccd20405d200bb8.exe"C:\Users\Admin\AppData\Local\Temp\37cf1e299ce987a99ecb7e1064a7460321af4f732edfe87c0ccd20405d200bb8.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
- System Location Discovery: System Language Discovery
- Modifies registry key
-
-