Windows
Analysis Report
revosetup.exe
Overview
General Information
Detection
Score: 24 (range 0 - 100)
Whitelisted: false
Confidence: 20%
Signatures
Monitors registry run keys for changes
Tries to harvest and steal browser information (history, passwords, etc)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files
Classification
Analysis Advice
- Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox.
- Sample searches for a specific file; try pointing organization-specific fake files at the analysis machine.
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior.
- Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.
- System is w10x64_ra
- revosetup.exe (PID: 1796, cmdline: "C:\Users\user\Desktop\revosetup.exe", MD5: 63150C4846BFBCF27FA70CCAA8A01943)
- revosetup.tmp (PID: 2816, cmdline: "C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp" /SL5="$202EE,6355320,266240,C:\Users\user\Desktop\revosetup.exe", MD5: 7B77E7C3EBD213D95C4D909716F10030)
- RevoUnin.exe (PID: 6532, cmdline: "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe", MD5: A9CCD5974308C40CBE6946B5E53D2DE9)
- chrome.exe (PID: 6604, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.revouninstaller.com/free-install-thankyou/, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 6792, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1828,i,11340438784122239940,8123972705045919978,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
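The process list above is the part of the report an analyst usually triages first: which executables ran from where, and which hashes belong to which image. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample's vendor. It parses entries written in the "name (PID: n, cmdline: ..., MD5: ...)" layout used above, lists the executables that ran out of a user's %TEMP% (the dropped PEs the advice says to resubmit, insofar as they were actually executed), tallies the MD5s seen per image name so that a same-named image with a second hash stands out, and checks for the is-XXXXX.tmp plus /SL5="..." staging chain. Reading that chain as the Inno Setup stub-to-installer handoff, with the last /SL5 field naming the original setup executable, is the Inno Setup convention and an assumption of this example; the report itself does not name the installer framework. The embedded input is a constructed copy of the report's five entries with the word-wrapped paths rejoined and the long utility chrome.exe command line shortened; the PIDs and hashes are the report's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed input: the report's process list, one entry per line, with the
# word-wrapped paths rejoined and the utility chrome.exe command line
# shortened. PIDs and MD5s are the report's own values.
PROCESS_LIST = r'''
revosetup.exe (PID: 1796, cmdline: "C:\Users\user\Desktop\revosetup.exe", MD5: 63150C4846BFBCF27FA70CCAA8A01943)
revosetup.tmp (PID: 2816, cmdline: "C:\Users\user\AppData\Local\Temp\is-QDQK0.tmp\revosetup.tmp" /SL5="$202EE,6355320,266240,C:\Users\user\Desktop\revosetup.exe", MD5: 7B77E7C3EBD213D95C4D909716F10030)
RevoUnin.exe (PID: 6532, cmdline: "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe", MD5: A9CCD5974308C40CBE6946B5E53D2DE9)
chrome.exe (PID: 6604, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.revouninstaller.com/free-install-thankyou/, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
chrome.exe (PID: 6792, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US /prefetch:8, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
'''

# One report entry: "<image> (PID: <n>, cmdline: <anything>, MD5: <32 hex>)".
# The greedy cmdline group is safe because the MD5 group is anchored at the end.
ENTRY_RE = re.compile(
    r'^(?P<image>\S+) \(PID: (?P<pid>\d+), cmdline: (?P<cmd>.*), MD5: (?P<md5>[0-9A-Fa-f]{32})\)$'
)
# Assumption (Inno Setup convention, not stated by the report): the setup stub
# extracts its real installer to %TEMP%\is-XXXXX.tmp\<name>.tmp and launches it
# with /SL5="$HWND,<offset>,<offset>,<path of the original setup exe>".
STAGING_RE = re.compile(r'\\AppData\\Local\\Temp\\is-[^\\]+\.tmp\\', re.IGNORECASE)
SL5_RE = re.compile(r'/SL5="([^"]*)"')


@dataclass
class Proc:
    image: str
    pid: int
    cmdline: str
    md5: str

    @property
    def image_path(self) -> str:
        """Executable path at the start of the command line (quoted or bare)."""
        if self.cmdline.startswith('"'):
            return self.cmdline.split('"')[1]
        return self.cmdline.split()[0]


def parse_process_list(text: str) -> List[Proc]:
    """Parse report-style process entries; raise on a line that does not fit."""
    procs: List[Proc] = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f'unparsed process entry: {line!r}')
        procs.append(Proc(m['image'], int(m['pid']), m['cmd'], m['md5'].upper()))
    return procs


def dropped_temp_executables(procs: List[Proc]) -> List[Proc]:
    """Processes whose image ran from a user's %TEMP%: dropped PEs that were
    executed, i.e. candidates for a separate submission."""
    return [p for p in procs if '\\AppData\\Local\\Temp\\' in p.image_path]


def inno_staging_pid(procs: List[Proc]) -> Optional[int]:
    """PID of a process matching the is-*.tmp + /SL5 pattern whose /SL5 payload
    names an executable that is itself in the list. None if the chain does not
    close (e.g. the stub is missing or /SL5 points somewhere unseen)."""
    by_path = {p.image_path.lower(): p for p in procs}
    for p in procs:
        sl5 = SL5_RE.search(p.cmdline)
        if not STAGING_RE.search(p.image_path) or not sl5:
            continue
        origin = sl5.group(1).split(',')[-1]  # last field: original setup exe
        if origin.lower() in by_path:
            return p.pid
    return None


def image_hashes(procs: List[Proc]) -> Dict[str, Set[str]]:
    """MD5s observed per image name; more than one hash per name is worth a look."""
    out: Dict[str, Set[str]] = {}
    for p in procs:
        out.setdefault(p.image.lower(), set()).add(p.md5)
    return out


if __name__ == '__main__':
    procs = parse_process_list(PROCESS_LIST)
    print('ran from %TEMP%:', [p.image_path for p in dropped_temp_executables(procs)])
    print('staging chain PID:', inno_staging_pid(procs))
    for image, hashes in image_hashes(procs).items():
        print(f'{image}: {sorted(hashes)}')
```

On this report the staging check closes on PID 2816, whose /SL5 argument points back at the Desktop copy of revosetup.exe, and both chrome.exe instances carry the same MD5, which is what you expect when a browser spawns its own utility process. The unique hashes are the set you would look up or resubmit; a second hash under a familiar image name would be the line to pull apart first.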
No YARA matches
No Sigma rule has matched
No Snort rule has matched