Analysis
-
max time kernel
53s -
max time network
60s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
13-06-2023 11:26
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
REvil_v2.06.exe
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
REvil_v2.06.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
10 signatures
150 seconds
General
-
Target
REvil_v2.06.exe
-
Size
121KB
-
MD5
46a40ec6d39b7530830f3047cdebaa1b
-
SHA1
a1540914b5ceb9e772ee5898e777f48e3cd57010
-
SHA256
08c2d24cb9c632f9aa84254bb673c9df04d4ac23ee07e840794e9438b06e9bd2
-
SHA512
64d3bd219e939100612242a35d36db8636a18eb962ce174284359178b6abb29c957bb1a0083015b948ff17c30e01ddd46c12824a83d0698b03372effeae0aa12
-
SSDEEP
1536:vjVXKif7kaCtHM7qpo6ZQDtFnNi+ti09or2LkLpLik8ICS4Ao3uZskecjrzgPujd:J1MZwlLk9Bm3uWqgu6M1njIXi1
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 320 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 320 AUDIODG.EXE Token: 33 320 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 320 AUDIODG.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\REvil_v2.06.exe"C:\Users\Admin\AppData\Local\Temp\REvil_v2.06.exe"1⤵PID:1644
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1756
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5681⤵
- Suspicious use of AdjustPrivilegeToken
PID:320