aa15d5ded58e1dcb2099806b996750c23c2bcb6026f9a5876a8a9ba0e86e5531

Analysis

max time kernel
141s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Revo Uninstaller Pro 5.2.6.exe
Size

18.5MB
MD5

2413dc2fe7067dd7738d75446c140096
SHA1

f246ac96e8eb790593ceb0e37896542efc67afe7
SHA256

aa15d5ded58e1dcb2099806b996750c23c2bcb6026f9a5876a8a9ba0e86e5531
SHA512

a49312f62dae510f3f986508fe7dd500650afe95d2f6b92081f33c77636ff5d73c0b3fbcb6b3dc8120b8b83a95f8d82e46cf529263859ec2197f9bdf234b1bcf
SSDEEP

393216:gIBJiczqi8Alo2OtD6Zni1cOK8ZNK/WrH9PF2q5XFpBjFSF24S7ioXyj:RJ31z0VJOW79t2uXFp1FSE4AiCyj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Revo Uninstaller Pro 5.2.6.tmp

pid process

1208 Revo Uninstaller Pro 5.2.6.tmp
Loads dropped DLL 4 IoCs

Processes:

Revo Uninstaller Pro 5.2.6.tmp

pid process

1208 Revo Uninstaller Pro 5.2.6.tmp
1208 Revo Uninstaller Pro 5.2.6.tmp
1208 Revo Uninstaller Pro 5.2.6.tmp
1208 Revo Uninstaller Pro 5.2.6.tmp

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

Revo Uninstaller Pro 5.2.6.tmp

pid	process
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp
1208	Revo Uninstaller Pro 5.2.6.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

Revo Uninstaller Pro 5.2.6.tmp

pid process

1208 Revo Uninstaller Pro 5.2.6.tmp
1208 Revo Uninstaller Pro 5.2.6.tmp
1208 Revo Uninstaller Pro 5.2.6.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Revo Uninstaller Pro 5.2.6.exe

description	pid	process	target process
PID 2616 wrote to memory of 1208	2616	Revo Uninstaller Pro 5.2.6.exe	Revo Uninstaller Pro 5.2.6.tmp
PID 2616 wrote to memory of 1208	2616	Revo Uninstaller Pro 5.2.6.exe	Revo Uninstaller Pro 5.2.6.tmp
PID 2616 wrote to memory of 1208	2616	Revo Uninstaller Pro 5.2.6.exe	Revo Uninstaller Pro 5.2.6.tmp

C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.2.6.exe
"C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.2.6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\is-1K7BR.tmp\Revo Uninstaller Pro 5.2.6.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1K7BR.tmp\Revo Uninstaller Pro 5.2.6.tmp" /SL5="$9014E,19073109,67072,C:\Users\Admin\AppData\Local\Temp\Revo Uninstaller Pro 5.2.6.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-1K7BR.tmp\Revo Uninstaller Pro 5.2.6.tmp

Filesize
913KB

MD5
c0989fb1a591ef0539bdae060b14f5d6

SHA1
0460fb232d3aba235b044fecc59ee6a104cf3abc

SHA256
fb086910b21b2bf40ed9fe21f81280d3b8968fe2cae88b55404a0721d4aa31e2

SHA512
fd935276ef7d2d199e5e98a5e2d4ebc37e2bed41dbea8c44fb74947890d6f9a56dba6cb0d2620ccf05d1ada042309ed644d877b502e05fdc47f6e77eae06d6aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-I7CG1.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-I7CG1.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/1208-11-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-17-0x00000000072B0000-0x00000000072C6000-memory.dmp

Filesize
88KB

Download
memory/1208-27-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-53-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-84-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-83-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-82-0x0000000007A80000-0x0000000007A81000-memory.dmp

Filesize
4KB

Download
memory/1208-81-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-80-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-79-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/1208-78-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-77-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-76-0x0000000007A60000-0x0000000007A61000-memory.dmp

Filesize
4KB

Download
memory/1208-75-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-74-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-73-0x0000000007A50000-0x0000000007A51000-memory.dmp

Filesize
4KB

Download
memory/1208-72-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-71-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-70-0x0000000007A40000-0x0000000007A41000-memory.dmp

Filesize
4KB

Download
memory/1208-69-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-68-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-67-0x0000000007A30000-0x0000000007A31000-memory.dmp

Filesize
4KB

Download
memory/1208-66-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-65-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-64-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/1208-63-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-62-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-61-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/1208-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-90-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-60-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-59-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-58-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/1208-57-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-56-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-55-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/1208-54-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-49-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/1208-48-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-47-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-46-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/1208-45-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-44-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-43-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/1208-42-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-41-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-91-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1208-40-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/1208-39-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-38-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-37-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/1208-34-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/1208-33-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-32-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-31-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/1208-30-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-29-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-28-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/1208-52-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/1208-51-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-50-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-36-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-35-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-26-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/1208-25-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/1208-23-0x00000000074E0000-0x00000000077FA000-memory.dmp

Filesize
3.1MB

Download
memory/1208-98-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/2616-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2616-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download