Overview

overview

10

Static

static

0784199419...f7.exe

windows7_x64

10

0784199419...f7.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    151s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    078419941922c5eebd315c0d07c8bf6cec629a021d4a01819013b7f996dc10f7.exe

  • Size

    97KB

  • MD5

    097799c75bbcdbe2cfd3bfdb88ec08f8

  • SHA1

    a18e324f0699d80abd23534613287e6d307c829d

  • SHA256

    078419941922c5eebd315c0d07c8bf6cec629a021d4a01819013b7f996dc10f7

  • SHA512

    d082373fe9670c2cea543cf28e618ce15a569055fa057ee9a02ef0fb701677700511b3cd6b4b913b0f1c3a6998732c0d9909b2ad536933519e5c9fec31ac80b9

Score
10/10
revengeratstealertrojan

Malware Config

Extracted

Family

revengerat

Mutex

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\078419941922c5eebd315c0d07c8bf6cec629a021d4a01819013b7f996dc10f7.exe
    "C:\Users\Admin\AppData\Local\Temp\078419941922c5eebd315c0d07c8bf6cec629a021d4a01819013b7f996dc10f7.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1520-54-0x0000000000F20000-0x0000000000F3E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/1520-55-0x0000000000530000-0x00000000005EA000-memory.dmp
    Filesize

    744KB

    Download
  • memory/1520-56-0x000007FEF4840000-0x000007FEF5DC8000-memory.dmp
    Filesize

    21.5MB

    Download
  • memory/1520-57-0x000007FEF3C00000-0x000007FEF483F000-memory.dmp
    Filesize

    12.2MB

    Download
  • memory/1520-58-0x0000000000140000-0x0000000000148000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1520-59-0x000007FEF3A10000-0x000007FEF3BF8000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1520-60-0x000007FEF2AC0000-0x000007FEF3A0D000-memory.dmp
    Filesize

    15.3MB

    Download
  • memory/1520-61-0x000007FEEEF80000-0x000007FEEF9D0000-memory.dmp
    Filesize

    10.3MB

    Download
  • memory/1520-62-0x000007FEF28A0000-0x000007FEF2AB8000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/1520-63-0x000007FEF2770000-0x000007FEF289A000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1520-64-0x000007FEEE6F0000-0x000007FEEEF7C000-memory.dmp
    Filesize

    8.5MB

    Download
  • memory/1520-65-0x000007FEF4840000-0x000007FEF5DC8000-memory.dmp
    Filesize

    21.5MB

    Download
  • memory/1520-66-0x000007FEF3C00000-0x000007FEF483F000-memory.dmp
    Filesize

    12.2MB

    Download
  • memory/1520-67-0x000007FEF28A0000-0x000007FEF2AB8000-memory.dmp
    Filesize

    2.1MB

    Download