Overview

overview

7

Static

static

3

07aab4b73e...35.exe

windows7-x64

3

07aab4b73e...35.exe

windows10-2004-x64

7

$0/Archive...64.dll

windows7-x64

1

$0/Archive...64.dll

windows10-2004-x64

1

$0/Microso...er.dll

windows7-x64

1

$0/Microso...er.dll

windows10-2004-x64

1

$0/RAVEndP...er.exe

windows7-x64

1

$0/RAVEndP...er.exe

windows10-2004-x64

1

$0/System....te.dll

windows7-x64

1

$0/System....te.dll

windows10-2004-x64

1

$0/System....le.dll

windows7-x64

1

$0/System....le.dll

windows10-2004-x64

1

$0/cs-CZ/R...es.dll

windows7-x64

1

$0/cs-CZ/R...es.dll

windows10-2004-x64

1

$0/da-DK/R...es.dll

windows7-x64

1

$0/da-DK/R...es.dll

windows10-2004-x64

1

$0/de-DE/R...es.dll

windows7-x64

1

$0/de-DE/R...es.dll

windows10-2004-x64

1

$0/de/Micr...es.dll

windows7-x64

1

$0/de/Micr...es.dll

windows10-2004-x64

1

$0/el-GR/R...es.dll

windows7-x64

1

$0/el-GR/R...es.dll

windows10-2004-x64

1

$0/es-ES/R...es.dll

windows7-x64

1

$0/es-ES/R...es.dll

windows10-2004-x64

1

$0/es/Micr...es.dll

windows7-x64

1

$0/es/Micr...es.dll

windows10-2004-x64

1

$0/fi-FI/R...es.dll

windows7-x64

1

$0/fi-FI/R...es.dll

windows10-2004-x64

1

$0/fil-PH/...es.dll

windows7-x64

1

$0/fil-PH/...es.dll

windows10-2004-x64

1

$0/fr-FR/R...es.dll

windows7-x64

1

$0/fr-FR/R...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $0/RAVEndPointProtection-installer.exe

  • Size

    538KB

  • MD5

    31cb221abd09084bf10c8d6acf976a21

  • SHA1

    1214ac59242841b65eaa5fd78c6bed0c2a909a9b

  • SHA256

    1bbba4dba3eb631909ba4b222d903293f70f7d6e1f2c9f52ae0cfca4e168bd0b

  • SHA512

    502b3acf5306a83cb6c6a917e194ffdce8d3c8985c4488569e59bce02f9562b71e454da53fd4605946d35c344aa4e67667c500ebcd6d1a166f16edbc482ba671

  • SSDEEP

    12288:nZLZVgIQtZM1A0+Nwhq3drt0ZAPKYZzrOZW4zlK:nZV661A0ue8lCZAPHZzrOZW4zl

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$0\RAVEndPointProtection-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\$0\RAVEndPointProtection-installer.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1396-0-0x00007FFD78113000-0x00007FFD78115000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1396-1-0x0000025290200000-0x0000025290288000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1396-2-0x0000025291E40000-0x0000025291E80000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1396-3-0x0000025291E80000-0x0000025291EB0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1396-4-0x00000252ABEE0000-0x00000252ABF1A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1396-5-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-6-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-7-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-8-0x0000025291F10000-0x0000025291F3A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1396-9-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-10-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-11-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-13-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1396-12-0x0000025291FE0000-0x0000025291FE8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1396-15-0x00000252AC2E0000-0x00000252AC2EE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1396-14-0x00000252AC470000-0x00000252AC4A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1396-16-0x00007FFD78113000-0x00007FFD78115000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1396-17-0x00007FFD78110000-0x00007FFD78BD1000-memory.dmp

    Filesize

    10.8MB

    Download