72c0def4e8f0e38d8f9fcc16c50957fda33fc907772d0784f020cad9ef867361

Resubmissions

16-01-2023 08:45

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-01-2023 08:45

Target

revo-uninstaller-2.3.9-installer.exe
Size

7.2MB
MD5

4222e65bf5590bd4fe310783dcc08343
SHA1

bcdee5d898da376bfa88584ff06b5f12b8246f54
SHA256

75cbecc42713e245e15c132cd1adca9d8efa117cde3d2391fd62c85e8f8d2d28
SHA512

4ca4ca118e3707fa107627e9dbd5d2eb4fe72611053afde3c1f76bded14fe4bb4a854881ddeeab5ec3e5ade6e6674b5e1e015b580da185c090ab4f033738bdd6
SSDEEP

98304:tgFErXyfpw7MO9Ta/7QEsBhjtTBod4SfxqiVv7mDNtSrQPl08AmO7eZtNhG8EF:OSEO9TajCfBolJjEtSrQN09X7eZtNLU

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

revo-uninstaller-2.3.9-installer.tmp

pid process

1484 revo-uninstaller-2.3.9-installer.tmp
Loads dropped DLL 1 IoCs

Processes:

revo-uninstaller-2.3.9-installer.exe

pid process

1672 revo-uninstaller-2.3.9-installer.exe

pid	process
1484	revo-uninstaller-2.3.9-installer.tmp

pid	process
1672	revo-uninstaller-2.3.9-installer.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

revo-uninstaller-2.3.9-installer.exe

description	pid	process	target process
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp
PID 1672 wrote to memory of 1484	1672	revo-uninstaller-2.3.9-installer.exe	revo-uninstaller-2.3.9-installer.tmp

C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe
"C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\is-G56E3.tmp\revo-uninstaller-2.3.9-installer.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-G56E3.tmp\revo-uninstaller-2.3.9-installer.tmp" /SL5="$90124,6912806,266240,C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe"
  2⤵
  - Executes dropped EXE
  PID:1484

C:\Users\Admin\AppData\Local\Temp\is-G56E3.tmp\revo-uninstaller-2.3.9-installer.tmp

Filesize
1.3MB

MD5
505cbe8fe6caf7d8a4669f4d7877cfbd

SHA1
58e4576f9b3df6c8741caa178953d435503a09e9

SHA256
8e863172edd9c2c58f1405fe0311e90a93be55c7dbe6a306bdd476b519948505

SHA512
001c2a3a85de962a79857148dedc994ac4269f6ce1381845d353ec591873d7238ae7453e851565e4d019570bb99e9ce299f1409f46a6127ab153fe38df07d3f5

Download Submit
\Users\Admin\AppData\Local\Temp\is-G56E3.tmp\revo-uninstaller-2.3.9-installer.tmp

Filesize
1.3MB

MD5
505cbe8fe6caf7d8a4669f4d7877cfbd

SHA1
58e4576f9b3df6c8741caa178953d435503a09e9

SHA256
8e863172edd9c2c58f1405fe0311e90a93be55c7dbe6a306bdd476b519948505

SHA512
001c2a3a85de962a79857148dedc994ac4269f6ce1381845d353ec591873d7238ae7453e851565e4d019570bb99e9ce299f1409f46a6127ab153fe38df07d3f5

Download Submit
memory/1484-58-0x0000000000000000-mapping.dmp

Download
memory/1672-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1672-55-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1672-61-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1672-62-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download