Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    19-04-2022 12:50

General

  • Target

    2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe

  • Size

    298KB

  • MD5

    d624b833b5852fee03fa71b1f0188b91

  • SHA1

    e849bf579e9e27b75478f544f9c760fee46d30d7

  • SHA256

    2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596

  • SHA512

    847d1bac3f055cb481879ae54357501a4858160f1c1b2c8fdfe540b7fd63d056171865a8a28e213f24de646b0489776dc1fb5b4cf604b5c5257703e213aa5e6d

Malware Config

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe
    "C:\Users\Admin\AppData\Local\Temp\2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:1708

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1708-54-0x0000000075A61000-0x0000000075A63000-memory.dmp

    Filesize

    8KB