Analysis
-
max time kernel
159s -
max time network
170s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
07-03-2022 11:10
General
-
Target
91634dbbc3ac12dee468234cb1bab87e8875b940eae02c29e05611ec18e2cd16.exe
-
Size
99KB
-
MD5
2a63d88b403e251d2587eb0fa5972356
-
SHA1
d854b2e080cae641d50c09b5cc3e6bb2454c8ded
-
SHA256
91634dbbc3ac12dee468234cb1bab87e8875b940eae02c29e05611ec18e2cd16
-
SHA512
ffbcee55035f3c2c83e4d856c2a1badfc690e22cffdd14a4ead46990ee24baf96cda399ad6312e94d8ce0e05c00a91d2a25751370144f43743e6447fa54c21ce
Score
10/10
Malware Config
Signatures
-
RevengeRAT
Remote-access trojan with a wide range of capabilities.
-
RevengeRat Executable 5 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\91634dbbc3ac12dee468234cb1bab87e8875b940eae02c29e05611ec18e2cd16.exe"C:\Users\Admin\AppData\Local\Temp\91634dbbc3ac12dee468234cb1bab87e8875b940eae02c29e05611ec18e2cd16.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"{path}"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7w612sw\imagestore.datMD5
42792c14f0dcfdc45243d021a8fa0624
SHA12829b361df36f5008b40e3fe195df7a7042dee0d
SHA25618d073fd1858688486490f61b28169c4cbd383ae81b4b9514741afc705f31287
SHA512d2031fe222f9c3a26018aa3b25cf28197cf8f55fd7ee4e695b5140c08cd34daf698f0a7149f967832f3667d2abb6c2539f30e66c09bf3c870c01cec719cbf135
-
memory/556-68-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-60-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-62-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-64-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-66-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-70-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-72-0x0000000000400000-0x0000000000416000-memory.dmpFilesize
88KB
-
memory/556-73-0x0000000074EC1000-0x0000000074EC3000-memory.dmpFilesize
8KB
-
memory/1652-57-0x00000000002F0000-0x00000000002F6000-memory.dmpFilesize
24KB
-
memory/1652-58-0x0000000000450000-0x0000000000451000-memory.dmpFilesize
4KB
-
memory/1652-59-0x0000000000300000-0x000000000030C000-memory.dmpFilesize
48KB
-
memory/1652-55-0x00000000744D0000-0x0000000074BBE000-memory.dmpFilesize
6.9MB
-
memory/1652-56-0x0000000000960000-0x0000000000982000-memory.dmpFilesize
136KB