Overview

overview

10

Static

static

3

1ba361bf8c...18.exe

windows7-x64

10

1ba361bf8c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2024, 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ba361bf8c073990293ed37ef9baa134_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    1ba361bf8c073990293ed37ef9baa134

  • SHA1

    29452eb1dcf9d91dc22197c9f0779599d672b4b0

  • SHA256

    4b4c5f9416a0f5c2599261d544af6e67addf1629c6366387e5a167b7966a8f79

  • SHA512

    c8b224b6e496b03ce4e94e2a3f6841e03b966914f7fe563ebffa7c316a84d3cab474a726a941cab3b7e5accd5a049741ec1e1e5f38e4fdcc951487dc939af6f5

  • SSDEEP

    768:8TVW3XvI6c4Efltn3WIzvu0x5GeK2ylUvhUHwIyccpJG5W+R4S:8TVWHvI34E3WIzvFG1v9McUG5Wu4S

Score
10/10
revengeratstealertrojan

Malware Config

Extracted

Family

revengerat

Mutex

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ba361bf8c073990293ed37ef9baa134_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1ba361bf8c073990293ed37ef9baa134_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4180-0-0x00007FFA58395000-0x00007FFA58396000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4180-1-0x000000001BB10000-0x000000001BBB6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/4180-2-0x00007FFA580E0000-0x00007FFA58A81000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4180-3-0x00007FFA580E0000-0x00007FFA58A81000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4180-4-0x00000000013F0000-0x00000000013F8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4180-5-0x000000001C230000-0x000000001C6FE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4180-6-0x000000001C770000-0x000000001C7D2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/4180-7-0x00007FFA580E0000-0x00007FFA58A81000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4180-8-0x00007FFA580E0000-0x00007FFA58A81000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4180-9-0x00007FFA58395000-0x00007FFA58396000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4180-10-0x00007FFA580E0000-0x00007FFA58A81000-memory.dmp

    Filesize

    9.6MB

    Download