Overview

overview

10

Static

static

111d60990d...dd.exe

windows7_x64

10

111d60990d...dd.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    07-03-2022 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    111d60990d8aaadbfcc5585ff56d7ed8d597978e1069b06a206ca0552b2150dd.exe

  • Size

    99KB

  • MD5

    36f59c964d963935ae77621ca6e57a41

  • SHA1

    a81fba0cedfba66d84ffe2d2fd0b3803b099cbfc

  • SHA256

    111d60990d8aaadbfcc5585ff56d7ed8d597978e1069b06a206ca0552b2150dd

  • SHA512

    b7518ef642eb62c836ba8ea4256d815c877490b1e68906c2f099f7f484380eba22e6cbec6bcb61af4611f52218306993a356017f0c196fada2d6380f2bcd4c63

Score
10/10
revengeratstealertrojan

Malware Config

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • RevengeRat Executable 3 IoCs
    stealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\111d60990d8aaadbfcc5585ff56d7ed8d597978e1069b06a206ca0552b2150dd.exe
    "C:\Users\Admin\AppData\Local\Temp\111d60990d8aaadbfcc5585ff56d7ed8d597978e1069b06a206ca0552b2150dd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Users\Admin\AppData\Local\Temp\111d60990d8aaadbfcc5585ff56d7ed8d597978e1069b06a206ca0552b2150dd.exe
      "{path}"
      2⤵
        PID:1704
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 200
          3⤵
          • Program crash
          PID:1200
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1704 -ip 1704
      1⤵
        PID:2180

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/376-130-0x0000000074F90000-0x0000000075740000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/376-131-0x0000000000570000-0x0000000000592000-memory.dmp

        Filesize

        136KB

        Download

      • memory/376-133-0x0000000009990000-0x0000000009F34000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/376-132-0x0000000004E50000-0x0000000004E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/376-134-0x0000000004E60000-0x0000000004EFC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/1704-136-0x0000000000390000-0x00000000003A6000-memory.dmp

        Filesize

        88KB

        Download

      • memory/1704-139-0x0000000000390000-0x00000000003A6000-memory.dmp

        Filesize

        88KB

        Download

      • memory/1704-142-0x0000000000390000-0x00000000003A6000-memory.dmp

        Filesize

        88KB

        Download