Overview

overview

10

Static

static

1

winrar-x64-621d.exe

windows7-x64

10

winrar-x64-621d.exe

windows10-2004-x64

10

Resubmissions

22-02-2023 10:59

230222-m3twlsba32 1

21-02-2023 17:57

230221-wjyvwsfg66 10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • submitted
    21-02-2023 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-621d.exe

  • Size

    3.6MB

  • MD5

    2ea8bf1895df09f82a4c2aea3c3db68b

  • SHA1

    29edf8f6f379a0bb91ebf8aedc82709a8e7ad91f

  • SHA256

    e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e

  • SHA512

    34b985f193166c27e8f9e947184d35c7814f7f0a7b5e2e83e8706bab204817882ed450ea5619ad5036bfa0638a518bb23dd301a8885d8690d7781a84d69f2ba2

  • SSDEEP

    98304:eXBOBfKZt4UEAHiCf8zCgsUhG3qZocPI3c:eX/Zt4bWf5EG3q1V

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-621d.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-621d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Modifies system executable filetype association
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Drops file in Program Files directory
      • Modifies registry class
      PID:1448

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Rar.txt
    Filesize

    144KB

    MD5

    84f4280f7f1ec0c99f2d2c864c797122

    SHA1

    b5fbf37ad1b86bd1acb813264c2f71da79344b94

    SHA256

    f9d1631c7dbf5de814c74d2089a8c453d0477378ec01b376c65bfc3bb281ee28

    SHA512

    0a43dbaaf574d010321dbe5d4cb66a7d6899fd7b44406e16dd32d23a5022b7c7b85cf349535ff222298a2ee04e45c618fa0322fbab1eb03531f5ff3120b4c86c

    Download Submit
  • C:\Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    6e8353fb55e1606e9488f4fe79249611

    SHA1

    8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

    SHA256

    05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

    SHA512

    72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

    Download Submit
  • C:\Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    6e8353fb55e1606e9488f4fe79249611

    SHA1

    8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

    SHA256

    05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

    SHA512

    72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

    Download Submit
  • C:\Program Files\WinRAR\WhatsNew.txt
    Filesize

    142KB

    MD5

    12234752af0f470ab4bacad1c36f925a

    SHA1

    9d6fcbb53d8d8208b52a9b59016163391f7b4ffa

    SHA256

    73c8d6733db8aa2a83822420bea9a40900d6724ddfe39d7610965a2099ea2040

    SHA512

    56fa2947078a0f9f61553c51603bcf19776b214d3e1cb74b00885ee0a9093ada49d3fd074fc2a2b9ae48e90821bf6dccdd15b62bf75c6bdebdb1f0cd50a66ac4

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.chm
    Filesize

    392KB

    MD5

    a7b5ebce3dde3b8bc8f98f39d27e1d8e

    SHA1

    c6344dfe507d92f73f6dd4891a3df8eaf67bc084

    SHA256

    e442baf523f49e451826bba3ba87ca8974d2697d17f17cae37668894474c8c72

    SHA512

    501c8f0b234b7d1b561ba468568a8d14dad652bd9b633b4218d6e979e2af43748736ff6738a8f94522ab881dc3f77240013a59267dc535e47c8dcef21f494a7b

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • C:\Program Files\WinRAR\uninstall.lng
    Filesize

    12KB

    MD5

    443be352e9145d5abaa68051d5897474

    SHA1

    f8e6e814e2ed4697202d1d21d7d4369fb1b74b4b

    SHA256

    7c914565e7ffeec4e2350afd7d5b14314921059e86c9eb1b94119346efb383b3

    SHA512

    336d0000387c0955ab13a04a8b961bac5a44b80662e53b02643af28e7bf94a47b545f526d5a6757f54c5947ef27315dd44fdce02f6c30c4715a50dc73123bbda

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    6e8353fb55e1606e9488f4fe79249611

    SHA1

    8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

    SHA256

    05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

    SHA512

    72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    6e8353fb55e1606e9488f4fe79249611

    SHA1

    8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

    SHA256

    05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

    SHA512

    72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    6e8353fb55e1606e9488f4fe79249611

    SHA1

    8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

    SHA256

    05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

    SHA512

    72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit
  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    8f5c03cd16c0b4cc9f73333231d6e697

    SHA1

    20610b8c5bc904f4a8a29dc3be847140bd5f80d9

    SHA256

    e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

    SHA512

    c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

    Download Submit