Extracted

• • Target

    3ac9ad537d6334c6e99dfcf2447599520d3d4c0eb6c4ce7296e8224a1b3df996.ppam

  • Size

    23KB

  • MD5

    5de80d785be21045bf2fc51f097f6b8b

  • SHA1

    edc2ae73bb1edecd46a1854fc8a16b0d487da377

  • SHA256

    3ac9ad537d6334c6e99dfcf2447599520d3d4c0eb6c4ce7296e8224a1b3df996

  • SHA512

    2374ea1f272d034d3ee299ab9c9e83feff26b39ff5cc8a3712c8c4da4244831f9c80138284f3e37f39faff09b532cc18ddbf593128f4a48fe4b71cac18214e18

  • SSDEEP

    384:dXPr0kw5Tul3BEGHwVuOYDyqIVGWcuA6qY4qHZjwJU7+FZq+unkTa31Y0U4Un0:VPg5cBpHOuOYaIjuI6jCc+fq+dgUV0

  Score

  10^/10

  revengeratnyancatrevengediscoverytrojan

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat

  • Blocklisted process makes network request

  • Process spawned suspicious child process

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2