Overview

overview

10

Static

static

1

revosetup.exe

windows7-x64

10

revosetup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    5s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    revosetup.exe

  • Size

    6.6MB

  • MD5

    63150c4846bfbcf27fa70ccaa8a01943

  • SHA1

    bfe32dcc00b041e0007a883af1588f354bb9f032

  • SHA256

    a05acc9172e98ec6a6a7f923f5c648cc7a7c4e02bbcaaa5a6d9663229e662c24

  • SHA512

    7c0c8065c83529ffe9cf092a7ffb19f59252015d643bded9cf5459e6e6a4c582962ab6e36b330275a79649fa6e8d3da01cb95352870a52fa159bb278b967cd90

  • SSDEEP

    98304:MPyYn2kIIR7ABl27MwarecfhZzwStzDtAVl3gaSZmg4MPyDv0bSpkmmf6osFQaiS:q7Vty27MJzw6z8X4mgJSyNyos6ac4l

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\revosetup.exe
    "C:\Users\Admin\AppData\Local\Temp\revosetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Users\Admin\AppData\Local\Temp\is-GBA2T.tmp\revosetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GBA2T.tmp\revosetup.tmp" /SL5="$70180,6355320,266240,C:\Users\Admin\AppData\Local\Temp\revosetup.exe"
      2⤵
      • Executes dropped EXE
      PID:4816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-GBA2T.tmp\revosetup.tmp
    Filesize

    1.3MB

    MD5

    7b77e7c3ebd213d95c4d909716f10030

    SHA1

    1c00eb97b4f154e209162bee83a84a6f1d1ef034

    SHA256

    a1bab1631135a982dfec6024b1ef8eb1ea2bce519cd832d9151e95e8def916d2

    SHA512

    fb6f95d42a936911b66861280cdeee77e2125c6b30141eb66daff402453d635a87a7f8ec9435ceb7ad4fddb473d6347a787bedb5649aa3abb234aceeeaaf8dcd

    Download Submit

  • memory/3220-0-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3220-2-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4816-6-0x0000000000400000-0x0000000000551000-memory.dmp

    Filesize

    1.3MB

    Download