Overview

overview

7

Static

static

4

RevoUninst...lp.pdf

windows7-x64

1

RevoUninst...lp.pdf

windows10-2004-x64

1

RevoUninst...rt.exe

windows7-x64

4

RevoUninst...rt.exe

windows10-2004-x64

1

RevoUninst...sh.ini

windows7-x64

1

RevoUninst...sh.ini

windows10-2004-x64

1

RevoUninst...Un.exe

windows7-x64

6

RevoUninst...Un.exe

windows10-2004-x64

6

RevoUninst...Un.exe

windows7-x64

6

RevoUninst...Un.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RevoUninstaller_Portable/RevoUPort.exe

  • Size

    200KB

  • MD5

    2f814a927d097a09911111dbf0fc2e93

  • SHA1

    8e4e953c60653a333182320345209765695d4e17

  • SHA256

    ef70640d701bf406f7008c9ef7dc594019c063e4436415c97033f0a998697edf

  • SHA512

    d57fa5fdd2ce0ed148e43814420103e0e340862d6a9c35714ede6fa059dad0b63963b790824cbc126535b97c23f2fd560eb0891050fc0f3996a30c7ee8e99619

  • SSDEEP

    3072:0kLnAdeRbvAZpoKIIn9xg//XHTfq2M0W30L/OHQ4HFs3qMGrfv8Th:3LAoYZCIn9SzsFwWqh

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\RevoUPort.exe
    "C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\RevoUPort.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\x64\RevoUn.exe
      C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\x64\RevoUn.exe
      2⤵
      • Drops file in Windows directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    310B

    MD5

    6ecaab031111fcce0ff2731ab3c8a9e0

    SHA1

    c61ccbb6d71347c9e1673f4aa6210a0b0b11a6fb

    SHA256

    b12344b2457877b2942e0ad4e47fd260a0f1b15451317122ecbc7a36ea0f65b6

    SHA512

    b98053578cea8ab36fff704a403ebf18a438d96c941d48fa7a1326b08552e8b5a275eaf4d4d08e5bbbbde1eabdbb41e987269903949377544ad185971106ebbf

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    808B

    MD5

    f5a2526921b65b530daf69952d9ba658

    SHA1

    83f61b23d2ccc47551042df4503e633d5a5a2193

    SHA256

    4e9336ad25f47d9e5a094f5fbb5b116a2fd213fca3249905ba515b3d28481c48

    SHA512

    9bb3b29f2d46dd0a4e04fb4ae4c09fe48c09b0bb4ba34307be4081a2cf6ff4d0997bdeead2bc0e57aec61c84901d41501ef9ca45d2e87a0d73874bd02cbe80d3

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    860B

    MD5

    be0a819279589bdadf841c1dea2553c3

    SHA1

    2e703cc9aa1a2f0c34c43020b9c21049e3fd02a5

    SHA256

    f963d0ccbcfab5fb945f73ebbfeab2c28724be1ee9807bf38e852af04b7a8aa5

    SHA512

    dd49e60930f956221937326a7d0e4143cf23a1dca114bf73c9faaa2145c4b0155c59201d34dfa1cb903a28eaff7e5538d5db7e5e89955671f57ef82b9ecaa729

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    950B

    MD5

    66ae2de24db953c9e2007795d9765923

    SHA1

    393530262e7467d68b4bbca9bf00b53a6bdee5aa

    SHA256

    f741127201715a8cd34cb6a51693d873e49b8a60ab48754ee7d0da76bbc2fb42

    SHA512

    4da51f0fa60538d0220bb4cd89b2ef74805b91ca5a8165a537269c6fabcc13ef5e82fe31a8946cc599f4e2c9e2399f644eefa277c561291216a222f65859b530

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    998B

    MD5

    bcc89ffb1f8032d120f329e08d9ed49b

    SHA1

    399dad1f6b78ba114c1fa91ccf35eceb2465203a

    SHA256

    2ade7d99e0252db6c1fc8040fec0e301670729d3e074b17ef4d6b02448760bf1

    SHA512

    f970f97c5f71eeff24bd3241f57d315d977407b4d28e4791640d21a922363d2fc1979ea086791436deaf6422375465be700f34d081b2e7f0cc7eac5bd5206c8c

    Download Submit