Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
08-04-2023 18:21
Static task
static1
Behavioral task
behavioral1
Sample
revosetup.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
revosetup.exe
Resource
win10v2004-20230220-en
General
-
Target
revosetup.exe
-
Size
6.6MB
-
MD5
e3574fa758b4bfc212fb9020dc882935
-
SHA1
2dccacd9037a88082214638440d4ccdf2a894990
-
SHA256
d6d51e144c72adbcf595cbba251001059980cb576f22530e45c53d9f5a0a4dfb
-
SHA512
d57e1f7d5247549f04cfd3cdfcd661be9d70c92a7f72d0b0c5a46ccec4ee98d93520eb4aa8a41561a03309b77ccdc7d4796940cc29eb612c521c1e3287f29ee9
-
SSDEEP
196608:Hdja9oHCYgyaUqjPCsqEc83U3pl6H5DUyXq:9ja9oHCPUqjbk3pYfa
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
revosetup.tmppid process 4176 revosetup.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
revosetup.exedescription pid process target process PID 4528 wrote to memory of 4176 4528 revosetup.exe revosetup.tmp PID 4528 wrote to memory of 4176 4528 revosetup.exe revosetup.tmp PID 4528 wrote to memory of 4176 4528 revosetup.exe revosetup.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\revosetup.exe"C:\Users\Admin\AppData\Local\Temp\revosetup.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4528 -
C:\Users\Admin\AppData\Local\Temp\is-IBA74.tmp\revosetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-IBA74.tmp\revosetup.tmp" /SL5="$C011C,6354921,266240,C:\Users\Admin\AppData\Local\Temp\revosetup.exe"2⤵
- Executes dropped EXE
PID:4176
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD50b68da15e95e3e76e0bf6058d153317e
SHA1e560c04d14c3c387cbf45d77a9205131e60776a9
SHA256ff41b93bfc3c910bbc7bb7d925debd4c680cbb87bbbca2f628d6d793bbbd5be2
SHA5120b7d73375de6ccd4a6ecef7aecc5a52245f565b565f6c1e525522c9b8bf59219d014d9113b46db72d506350e9af0c588ad51bb73eeecdaaded24791676e2a933