Overview

overview

10

Static

static

winrar-x64-602.exe

windows7_x64

10

winrar-x64-602.exe

windows10_x64

1

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    21-10-2021 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-602.exe

  • Size

    3.2MB

  • MD5

    fc61fdcad5a9d52a01bd2d596f2c92b9

  • SHA1

    77ab1e20c685e716b82c7c90b373316fc84cde23

  • SHA256

    9e6f6adcbc67cfa9854ecc31684dd6b9f7210374c2b98b62380ceb17b49f64bc

  • SHA512

    1f0085455b122aa16481fb8e8f3566fbc2ef4325b591bc0e65ae55418033a782dc3d7fea0687ae41165468a6d8e90623705171827a28a1580c7dba23eb86c46f

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 11 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 48 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-602.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-602.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Modifies system executable filetype association
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      PID:436
  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Program Files\WinRAR\WinRAR.chm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:944
  • C:\Program Files\WinRAR\WinRAR.exe
    "C:\Program Files\WinRAR\WinRAR.exe"
    1⤵
    • Executes dropped EXE
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Rar.txt
    MD5

    e3e92d933a7887710508d1a9a64f8e16

    SHA1

    191d054e3f48caa446322d9620fa9776dcd0eac7

    SHA256

    a4d41d73f7e56ab9f6254807e48bc94af3b214fbac9a17d24b8140a99aad26b3

    SHA512

    75c65e9c145b4980fc58460daa14da1ea45784943454eca2dc7ed69154a8d2cf92a6a213ad8a3dfdfa3045b4e1a8772372019f4c1d5e0e4dd407ee3f2348d75c

    Download Submit
  • C:\Program Files\WinRAR\Uninstall.exe
    MD5

    801d45c1ba40d3f49870e4d9bd319869

    SHA1

    5594c3f86e81f44ed1abc0389fb3c9e686c85336

    SHA256

    a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76

    SHA512

    c30288657a3d90cfeeb22b076a627a2d30533ebf44db306d88c8bd77ee4dcd94b1fe48780373f22b2a5ba9b1f0d714895d0b297ff8127313e92e81ab141a3476

    Download Submit
  • C:\Program Files\WinRAR\WhatsNew.txt
    MD5

    9965bee67e4b4556f14558fb541defa4

    SHA1

    76657102bd53ddaa42a85128201e57d2adf27695

    SHA256

    f8e9c3be9c76ee13f7fc7a5ae8dd397440adb1dd6745b17e0ffce89e2d0fccad

    SHA512

    9e966914a8449d371fdd46e6ddbd47ae2fb40ee1f8e7c82d04584a42cda68d60d15441c90e54e9a8b0aed9dce95110a65c7e3ac3e358d950300f279d07f6aa7e

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.chm
    MD5

    eca0e0be50f4f0dc5f2ccdbbc0338365

    SHA1

    1978b9d6ef60d5cd4258f0668d683be87fca0497

    SHA256

    750e5efc4ebb5e051b17efad93708ea2d5c27d22de720db0fea2408be85b3d42

    SHA512

    d9af9cc3c6cbf73818d6ab1c57c5ee7eb9345d03e5cd6b0e49b5d1c57728b183776dc83c9c0a5353bd15155d3d981886edbeaae202f2bb734841225b31bb619f

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    MD5

    801d45c1ba40d3f49870e4d9bd319869

    SHA1

    5594c3f86e81f44ed1abc0389fb3c9e686c85336

    SHA256

    a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76

    SHA512

    c30288657a3d90cfeeb22b076a627a2d30533ebf44db306d88c8bd77ee4dcd94b1fe48780373f22b2a5ba9b1f0d714895d0b297ff8127313e92e81ab141a3476

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    MD5

    801d45c1ba40d3f49870e4d9bd319869

    SHA1

    5594c3f86e81f44ed1abc0389fb3c9e686c85336

    SHA256

    a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76

    SHA512

    c30288657a3d90cfeeb22b076a627a2d30533ebf44db306d88c8bd77ee4dcd94b1fe48780373f22b2a5ba9b1f0d714895d0b297ff8127313e92e81ab141a3476

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    MD5

    801d45c1ba40d3f49870e4d9bd319869

    SHA1

    5594c3f86e81f44ed1abc0389fb3c9e686c85336

    SHA256

    a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76

    SHA512

    c30288657a3d90cfeeb22b076a627a2d30533ebf44db306d88c8bd77ee4dcd94b1fe48780373f22b2a5ba9b1f0d714895d0b297ff8127313e92e81ab141a3476

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    MD5

    801d45c1ba40d3f49870e4d9bd319869

    SHA1

    5594c3f86e81f44ed1abc0389fb3c9e686c85336

    SHA256

    a99ed97a67233e0677468b0ea076e3c8182299e75c09cebf83e2564415483c76

    SHA512

    c30288657a3d90cfeeb22b076a627a2d30533ebf44db306d88c8bd77ee4dcd94b1fe48780373f22b2a5ba9b1f0d714895d0b297ff8127313e92e81ab141a3476

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    MD5

    d9e5fc5762493ad57fe354558b0a21b5

    SHA1

    d10cf48e6453705ed69d6c755cb77f17033bd3da

    SHA256

    e602e65ce7bde0e923af34f8439c0373e585abbb462ac3d07068b225880e6fbd

    SHA512

    93c5fe9813871f026e7672915952861f01e2f89f3afee3e85a2a93aedb77a31b140bd1dca0518b6555212ee8d6fee7baf6b8a7d54adf5ca05bff208f3c34c8a3

    Download Submit
  • memory/436-63-0x0000000000000000-mapping.dmp
    Download
  • memory/1256-55-0x000007FEFBC51000-0x000007FEFBC53000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1256-58-0x000007FFFFF92000-0x000007FFFFF94000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1256-59-0x000007FFFFF94000-0x000007FFFFF96000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1256-56-0x000007FFFFF90000-0x000007FFFFF92000-memory.dmp
    Filesize

    8KB

    Download