Overview

overview

10

Static

static

1

644abe43a2...18.exe

windows7-x64

10

644abe43a2...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    21/05/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    644abe43a24b1aed27e77e420903f643_JaffaCakes118.exe

  • Size

    604KB

  • MD5

    644abe43a24b1aed27e77e420903f643

  • SHA1

    9e17e7ac8c6d91ee318af1464f62a601a9ef2cb8

  • SHA256

    24c0e9f0553a08dbd8f16615a205f56223dbb57313e3aacdd2d8b611075e77e4

  • SHA512

    178c5e75fb8e69acbf7c3a75ca47a7de5521d388b92bec735bf77aa101b0ae2a9bf0b619c14164f6f68626aa25e22d4f1481358f71353ddb94a760ee46b508c2

  • SSDEEP

    6144:UKWlw1DxXHp9fCEc2PI4Saq9JNl6zBY4o83fqysVufBn597NX2V0:U7lw1DxXp9fXHPIz3vtysgfBnnl2V0

Score
10/10
revengeratstealertrojan

Malware Config

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\644abe43a24b1aed27e77e420903f643_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\644abe43a24b1aed27e77e420903f643_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe
      C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe -install -54434419 -chipde -8dfce967b86d4132b56f0b91d6869b2b - -ChromeBundle -bajiehfangrvpsjv -393500
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\OCS\bajiehfangrvpsjv.dat
    Filesize

    83B

    MD5

    4a08f9fc1e5cb1c9dad1c9d97eb5d5ec

    SHA1

    4cbb750eee32ed3e9808061df12a16d27b4e124b

    SHA256

    0a2d961a02958b43657174cd1c8323b7c98a2e1e8cb03c7bf94687e58139a8c5

    SHA512

    edcbeb1af3020335d4971b0289ac0653f3b2126bd31997b4def9e905d3d9117e91ce98f49d6d896aefa12746bc749548167723eba807ca7c0d2191b2845f0b1c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe
    Filesize

    292KB

    MD5

    ad68076fb58a634cba05c9396b0f20af

    SHA1

    dabc08bdf0203f5946101a0eea51d494e87f67b9

    SHA256

    dc712ebab17c0bf8d73a1c5b5b3b053fd1e665a2d6ad21eb5a9b34da6e844a5a

    SHA512

    be7f294cd4835353ab121a2de655f4a99718096f078713bd1bc8c2d2a847937bafe6853b13bb7c41178f1b33aeacf3af3d13b80f1494cca4489472458a1b63ba

    Download Submit

  • memory/1124-12-0x000007FEF635E000-0x000007FEF635F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1124-14-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-15-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-16-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-17-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-18-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-19-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-20-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1124-21-0x000007FEF60A0000-0x000007FEF6A3D000-memory.dmp

    Filesize

    9.6MB

    Download