Analysis
-
max time kernel
133s -
max time network
132s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
20/01/2021, 07:42
General
-
Target
WinRAR.exe
-
Size
4.0MB
-
MD5
c930f328b5b3894feced92d04908b256
-
SHA1
79eaa3e5457cff7ad64147a4178b0e7aad732101
-
SHA256
72239d0cba7a80895957b43d854680fb2fefbaa8b1f68b001ce5905c32ddcde1
-
SHA512
db6d5d81a495874a12b37546541b6a7dce63b43960a5a7a52fa5b3bd87af2067e8aed5daf13c0a6f11f2230b61a369973d18921761a403222054d38ba2fe330f
Score
10/10
Malware Config
Signatures
-
StrongPity
StrongPity is a spyware developed by PROMETHIUM APT group mainly used in government sponsored attacks.
-
StrongPity Spyware 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 5 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
JavaScript code in executable 4 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe"C:\Users\Admin\AppData\Local\Temp\WinRAR.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\winrar-x64-600.exe"C:\Users\Admin\AppData\Local\Temp\winrar-x64-600.exe"2⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe"C:\Users\Admin\AppData\Local\Temp\ndaData\nvwmisrv.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe"C:\Users\Admin\AppData\Local\Temp\ndaData\winmsism.exe"3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
2.5MB