Overview

overview

10

Static

static

10

RAVAntivir...vc.exe

windows7-x64

1

RAVAntivir...vc.exe

windows10-2004-x64

1

RAVAntivir...st.exe

windows7-x64

1

RAVAntivir...st.exe

windows10-2004-x64

1

RAVAntivir...me.dll

windows7-x64

1

RAVAntivir...me.dll

windows10-2004-x64

1

RAVAntivir...ON.dll

windows7-x64

1

RAVAntivir...ON.dll

windows10-2004-x64

1

RAVAntivir....A.exe

windows7-x64

1

RAVAntivir....A.exe

windows10-2004-x64

1

RAVAntivir....S.exe

windows7-x64

1

RAVAntivir....S.exe

windows10-2004-x64

1

RAVAntivir...er.dll

windows7-x64

1

RAVAntivir...er.dll

windows10-2004-x64

1

RAVAntivir...on.exe

windows7-x64

1

RAVAntivir...on.exe

windows10-2004-x64

1

RAVAntivir...xe.xml

windows7-x64

1

RAVAntivir...xe.xml

windows10-2004-x64

1

RAVAntivir...me.dll

windows7-x64

1

RAVAntivir...me.dll

windows10-2004-x64

1

RAVAntivir...SC.exe

windows7-x64

1

RAVAntivir...SC.exe

windows10-2004-x64

1

RAVAntivir...nt.dll

windows7-x64

1

RAVAntivir...nt.dll

windows10-2004-x64

1

RAVAntivir...m.html

windows7-x64

1

RAVAntivir...m.html

windows10-2004-x64

1

RAVAntivir...47.dll

windows7-x64

3

RAVAntivir...47.dll

windows10-2004-x64

1

RAVAntivir...eg.dll

windows7-x64

1

RAVAntivir...eg.dll

windows10-2004-x64

1

RAVAntivir...GL.dll

windows7-x64

1

RAVAntivir...GL.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-09-2022 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RAVAntivirus/rsRemediation.exe

  • Size

    133KB

  • MD5

    5759522b3a69cc0afe2ee52d2db81489

  • SHA1

    eeecf8df6398015dc5ddd9b072e8798fe82f6faa

  • SHA256

    b5777f61243958fe29e760089b213e1b691afd5c84296f1d3245cd40921f9b56

  • SHA512

    ffdc0fdf6d42c98f7cb40263d50eae4fe5e7e1e5feed11b8842b72e2c708e0b04451eed7163f2ece9a781a170f112e4efec93c17dbe3460244937433febf5234

  • SSDEEP

    1536:NjIJ/E19eM8p+H8GaAtxRuDTlrcLdrk3AgnMYln7HJTaRUL2MN1pfR87aY+Yzyy4:CJ/E1ay8GtcDqLdQ3l9lnNT526peA1Zz

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RAVAntivirus\rsRemediation.exe
    "C:\Users\Admin\AppData\Local\Temp\RAVAntivirus\rsRemediation.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1472-132-0x000002099AB80000-0x000002099ABA4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1472-133-0x00007FFBEBB00000-0x00007FFBEC5C1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1472-134-0x00000209B4F10000-0x00000209B4F48000-memory.dmp
    Filesize

    224KB

    Download
  • memory/1472-135-0x00007FFBEBB00000-0x00007FFBEC5C1000-memory.dmp
    Filesize

    10.8MB

    Download