b39d78411da6390a7df0f37b908dbb1b9089abd558b9e06ee852a11fc77d7251 | Triage

Analysis

max time kernel
396s
max time network
439s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 20:36

Sharing

Report Analysis Logs

General

Target

Revenge-RAT v0.3.7z
Size

8.7MB
MD5

3864072888fd4bc4f3c67333ecde70c7
SHA1

7982d4baabbea5f4fee4fefc2632d5535f433b35
SHA256

b39d78411da6390a7df0f37b908dbb1b9089abd558b9e06ee852a11fc77d7251
SHA512

89f13697f43680bce715ee98c98f84a56f2c2707c77a0e7a59804c46cb89a091ce213e6c98f7c264539f4634079898dbb91030e31a704f2f48161f355ef35f80
SSDEEP

196608:8hwcP7zWP5126X1CfXWcyeWWJmGr0N08mQABgYQi+maA:DcPns281CucZRmGr0NvmbD6mB

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2332	7zFM.exe
Token: 35	2332	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2332	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Revenge-RAT v0.3.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads