Overview

overview

8

Static

static

revo-unins...er.exe

windows7-x64

8

revo-unins...er.exe

windows10-2004-x64

8

Resubmissions

16-01-2023 08:45

230116-kn1dqscd83 8

Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-01-2023 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    revo-uninstaller-2.3.9-installer.exe

  • Size

    7.2MB

  • MD5

    4222e65bf5590bd4fe310783dcc08343

  • SHA1

    bcdee5d898da376bfa88584ff06b5f12b8246f54

  • SHA256

    75cbecc42713e245e15c132cd1adca9d8efa117cde3d2391fd62c85e8f8d2d28

  • SHA512

    4ca4ca118e3707fa107627e9dbd5d2eb4fe72611053afde3c1f76bded14fe4bb4a854881ddeeab5ec3e5ade6e6674b5e1e015b580da185c090ab4f033738bdd6

  • SSDEEP

    98304:tgFErXyfpw7MO9Ta/7QEsBhjtTBod4SfxqiVv7mDNtSrQPl08AmO7eZtNhG8EF:OSEO9TajCfBolJjEtSrQN09X7eZtNLU

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Users\Admin\AppData\Local\Temp\is-HE9AS.tmp\revo-uninstaller-2.3.9-installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HE9AS.tmp\revo-uninstaller-2.3.9-installer.tmp" /SL5="$701C4,6912806,266240,C:\Users\Admin\AppData\Local\Temp\revo-uninstaller-2.3.9-installer.exe"
      2⤵
      • Executes dropped EXE
      PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-HE9AS.tmp\revo-uninstaller-2.3.9-installer.tmp
    Filesize

    1.3MB

    MD5

    505cbe8fe6caf7d8a4669f4d7877cfbd

    SHA1

    58e4576f9b3df6c8741caa178953d435503a09e9

    SHA256

    8e863172edd9c2c58f1405fe0311e90a93be55c7dbe6a306bdd476b519948505

    SHA512

    001c2a3a85de962a79857148dedc994ac4269f6ce1381845d353ec591873d7238ae7453e851565e4d019570bb99e9ce299f1409f46a6127ab153fe38df07d3f5

    Download Submit

  • memory/1260-132-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1260-134-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1260-137-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1988-135-0x0000000000000000-mapping.dmp

    Download