Overview

overview

10

Static

static

revil.exe

windows7_x64

8

revil.exe

windows10_x64

10

Resubmissions

09-07-2021 18:43

210709-xh8gzcvt82 10

03-07-2021 05:47

210703-97x2n2g7ps 10

Analysis

  • max time kernel
    2s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    03-07-2021 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    revil.exe

  • Size

    890KB

  • MD5

    561cffbaba71a6e8cc1cdceda990ead4

  • SHA1

    5162f14d75e96edb914d1756349d6e11583db0b0

  • SHA256

    d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e

  • SHA512

    09149b9825db2c9e6d2ec6665abc64b0b7aaafaa47c921c5bf0062cd7bedd1fc64cf54646a098f45fc4b930f5fbecee586fe839950c9135f64ea722b00baa50e

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\revil.exe
    "C:\Users\Admin\AppData\Local\Temp\revil.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Windows\MsMpEng.exe
      "C:\Windows\MsMpEng.exe"
      2⤵
      • Executes dropped EXE
      PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\MsMpEng.exe
    MD5

    8cc83221870dd07144e63df594c391d9

    SHA1

    3d409b39b8502fcd23335a878f2cbdaf6d721995

    SHA256

    33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a

    SHA512

    e7f964a10a8799310a519fa569d264f652e13cc7ea199792dc6a5c0507dec4a12844a87bf8bab714255dce717839908ed5d967ce8f65f5520fe4e7f9d25a622c

    Download Submit

  • C:\Windows\mpsvc.dll
    MD5

    a47cf00aedf769d60d58bfe00c0b5421

    SHA1

    656c4d285ea518d90c1b669b79af475db31e30b1

    SHA256

    8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd

    SHA512

    4c2dcad3bd478fa70d086b7426d55976caa7ffc3d120c9c805cbb49eae910123c496bf2356066afcacba12ba05c963bbb8d95ed7f548479c90fec57aa16e4637

    Download Submit

  • memory/1072-59-0x0000000000000000-mapping.dmp

    Download

  • memory/1072-62-0x0000000074F31000-0x0000000074F33000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1072-63-0x00000000001D0000-0x00000000001F2000-memory.dmp

    Filesize

    136KB

    Download