fd8b2fb37d0f146fef98dd7b6079fe40a4e04879e247f4a37ef12443ccf6c2b3

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 14:00

Target

RevoUninstaller_Portable/x64/RevoUn.exe
Size

14.4MB
MD5

dcf9c35c8dcfb6e4d90bfe97ac1a2b92
SHA1

1b15760c97b292dcc891fcb0624819dfa7a66135
SHA256

affb9421aa7bc562616fe0793cdb454925640ccff027ca8350e6a06b3f24c4b9
SHA512

cfe55a92ca297dae4269a7b8a30148df871f244c67b52dbac085b12966121846cd306992585926fec56b6e7a150b5478611e53e40e5841d327a8ca2312be5846
SSDEEP

196608:bB1bn4g/F2S4afjAzM39fOrwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIa:bf0g/F2S4afjr9fOUPWpGplR8ZWS

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

RevoUn.exe

pid process

3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

RevoUn.exe

pid process

3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe
3304 RevoUn.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

RevoUn.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
Filesize
860B

MD5
be0a819279589bdadf841c1dea2553c3

SHA1
2e703cc9aa1a2f0c34c43020b9c21049e3fd02a5

SHA256
f963d0ccbcfab5fb945f73ebbfeab2c28724be1ee9807bf38e852af04b7a8aa5

SHA512
dd49e60930f956221937326a7d0e4143cf23a1dca114bf73c9faaa2145c4b0155c59201d34dfa1cb903a28eaff7e5538d5db7e5e89955671f57ef82b9ecaa729

Download Submit
C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
Filesize
998B

MD5
bcc89ffb1f8032d120f329e08d9ed49b

SHA1
399dad1f6b78ba114c1fa91ccf35eceb2465203a

SHA256
2ade7d99e0252db6c1fc8040fec0e301670729d3e074b17ef4d6b02448760bf1

SHA512
f970f97c5f71eeff24bd3241f57d315d977407b4d28e4791640d21a922363d2fc1979ea086791436deaf6422375465be700f34d081b2e7f0cc7eac5bd5206c8c

Download Submit