Overview

overview

10

Static

static

10

e2b0c5d95f...2d.exe

windows7_x64

10

e2b0c5d95f...2d.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    146s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe

  • Size

    365KB

  • MD5

    def2219991114fbac93aca787579946c

  • SHA1

    e2c877782f16b786db3d569895a23fe9920e2ad4

  • SHA256

    e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d

  • SHA512

    1f5252c63ed6959b96fcc10863dee2f39ef949f2d18905f821fb429d5e471345b7564bd0bccdee22eeefdcced3a883bd0b5bc9e29bbabb2442a17ebdd4793109

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    suricata
  • Unexpected DNS network traffic destination 9 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe
    "C:\Users\Admin\AppData\Local\Temp\e2b0c5d95f9948b45b28b909ec716fe8df305d2b63d6b8e433aee3279929b32d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1752-54-0x00000000750C1000-0x00000000750C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1752-55-0x0000000002CD0000-0x0000000003CD0000-memory.dmp

    Filesize

    16.0MB

    Download