Overview

overview

7

Static

static

4

RevoUninst...nt.txt

windows10-2004-x64

4

RevoUninst...lp.pdf

windows10-2004-x64

3

RevoUninst...rt.exe

windows10-2004-x64

3

RevoUninst...rs.dat

windows10-2004-x64

3

RevoUninst...ch.ini

windows10-2004-x64

1

RevoUninst...sh.ini

windows10-2004-x64

1

RevoUninst...gs.ini

windows10-2004-x64

1

RevoUninst...rt.dat

windows10-2004-x64

3

RevoUninst...Un.exe

windows10-2004-x64

6

RevoUninst...on.bmp

windows10-2004-x64

7

RevoUninst...Un.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-08-2024 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RevoUninstaller_Portable/x64/RevoUn.exe

  • Size

    14.4MB

  • MD5

    dcf9c35c8dcfb6e4d90bfe97ac1a2b92

  • SHA1

    1b15760c97b292dcc891fcb0624819dfa7a66135

  • SHA256

    affb9421aa7bc562616fe0793cdb454925640ccff027ca8350e6a06b3f24c4b9

  • SHA512

    cfe55a92ca297dae4269a7b8a30148df871f244c67b52dbac085b12966121846cd306992585926fec56b6e7a150b5478611e53e40e5841d327a8ca2312be5846

  • SSDEEP

    196608:bB1bn4g/F2S4afjAzM39fOrwPWpGplR806IIIIIIIIIIIIIIIIIIIIIIIIIIIIIa:bf0g/F2S4afjr9fOUPWpGplR8ZWS

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\x64\RevoUn.exe
    "C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\x64\RevoUn.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RevoUninstaller_Portable\settings.ini
    Filesize

    3KB

    MD5

    e8dd6bfec9511bf1c31cb9c68a85b8b2

    SHA1

    daeb0a5890d9c35aaa3642ec4df1673e471b83c7

    SHA256

    cb7a03fbeef81ecfd4554adcff489ea4b1a0474b20acb6d94e601141c239c671

    SHA512

    05f60766afe6c12f708cb07aa1d3a57b5c21f7d0848bae655a495b4207d5d31c7af3ccb37ed0db34b1a9c5bbd139aadf0a077b46a75cedab56f0a5aaf525ddd6

    Download Submit