Managed XDR

remote-access-windows64-offline.exe_ico — malware analysis report

File info

Filename
remote-access-windows64-offline.exe_ico
File type
PE32+ executable (GUI) x86-64, for MS Windows
File size
34 MB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
f49c5cb145d47300d2b7b6f437e59e0327289c3b
SHA256
c27ba7157ebe3bbbd7932a621aa58c2f90f21d98eddbd81c2b2f0ba1a1a61d9b
MD5
ff7339ac3a5c861de85fbc883710cac3

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.003 antisandbox_sleep: The process attempted to slow down analysis

Command and Control

T1032 internet_security_options: Sets Internet connections options that are not secure
T1071 internet_security_options: Sets Internet connections options that are not secure
T1071.001 wininet_https: Performs HTTP/HTTPS requests using WinInet

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dead_host: Connects to IP addresses that do not respond to requests
executes_dropped_exe: Executes dropped exe files
process_crashed: One of the processes has failed
create_rpc_bindings: Creates RPC connection
require_administrator: Requests administrator privileges
creates_suspended_process: Creates suspended process
creates_in_programdata: Creates files in the ProgramData directory
pe_overlay: PE file contains overlay
suricata_alert: Malicious traffic detected
static_big_overlay: Executable file contains an enormously big overlay
ce_info: SimpleHelp Configuration Data found
valid_authenticode: The digital signature has been verified