bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/06/2023, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-622.exe
Size

3.4MB
MD5

8528c559c66733b63b2542e193b17f0d
SHA1

039003369bb235d58c25328fa86ef308eeb5db86
SHA256

bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f
SHA512

f73a6b37f96db444c8099c8f41c444bc216ce57c26b1401d3be44531ed28aa2e59802b71c6191992602ef21fe7a6e20414af87d6d3ba0071acc89b9167a1718f
SSDEEP

98304:4rBfKEMsXZtVLAJ/J27hXo6i+FwsC1ep6Aev2bSGc/PjxdI5C4N:4syJPcJ/w71oohoehe1v3Luf

Score

4^/10

discovery persistence

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_7109917	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe

Executes dropped EXE 1 IoCs

pid	Process
1844	uninstall.exe

Loads dropped DLL 9 IoCs

pid	Process
884	winrar-x64-622.exe
1336	Process not Found
1844	uninstall.exe
1844	uninstall.exe
1336	Process not Found
1336	Process not Found
1336	Process not Found
1336	Process not Found
1336	Process not Found

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	winrar-x64-622.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.001	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "WinRAR.ZIP"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r12\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r11\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r20\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r08\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r02\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r14	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r00\ = "WinRAR"	uninstall.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
884	winrar-x64-622.exe
884	winrar-x64-622.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1844	884	winrar-x64-622.exe	27
PID 884 wrote to memory of 1844	884	winrar-x64-622.exe	27
PID 884 wrote to memory of 1844	884	winrar-x64-622.exe	27

C:\Users\Admin\AppData\Local\Temp\winrar-x64-622.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-622.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files\WinRAR\uninstall.exe
  "C:\Program Files\WinRAR\uninstall.exe" /setup
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system executable filetype association
  - Registers COM server for autorun
  - Modifies registry class
  PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a59758,0x7fef6a59768,0x7fef6a59778
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:2
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1256 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=2472 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=4060 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4432 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3620 --field-trial-handle=1184,i,22898762011460944,17633515484969887888,131072 /prefetch:1
  2⤵
  PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
109KB

MD5
18eeb70635ccbe518da5598ff203db53

SHA1
f0be58b64f84eac86b5e05685e55ebaef380b538

SHA256
27b85e1a4ff7df5235d05b41f9d60d054516b16779803d8649a86a1e815b105b

SHA512
0b2a295b069722d75a15369b15bb88f13fbda56269d2db92c612b19578fc8dadf4f142ebb7ee94a83f87b2ddd6b715972df88b6bb0281853d40b1ce61957d3bd

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
91c68d5370c2ddb9b19ebfe367123611

SHA1
7f6ddfecb415445b979fdc79554897e76aa38537

SHA256
947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

SHA512
ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
91c68d5370c2ddb9b19ebfe367123611

SHA1
7f6ddfecb415445b979fdc79554897e76aa38537

SHA256
947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

SHA512
ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
103KB

MD5
eaeee5f6ee0a3f0fe6f471a75aca13b8

SHA1
58cd77ef76371e349e4bf9891d98120074bd850c

SHA256
f723976575d08f1001b564532b0a849888135059e7c9343c453eead387d7ae4c

SHA512
3fc5994eefce000722679cf03b3e8f6d4a5e5ebfd9d0cc8f362e98b929d1c71e35313a183bfe3ab5adbd9ce52188ade167b8695a58ebd6476189b41627512604

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
317KB

MD5
11d4425b6fc8eb1a37066220cac1887a

SHA1
7d1ee2a5594073f906d49b61431267d29d41300e

SHA256
326d091a39ced3317d9665ed647686462203b42f23b787a3ed4b4ad3e028cc1e

SHA512
236f7b514560d01656ffdee317d39e58a29f260acfd62f6b6659e7e2f2fca2ac8e6becac5067bab5a6ceaeaece6f942633548baeae26655d04ac3143a752be98

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
97KB

MD5
34b97f8b9e4296af5238fc8f67586b72

SHA1
e6c4b92901c1a9d8aa6a7247143c2560a90efaba

SHA256
70c158c98bf7abf5e0bb3167edf6ed0d378f9380fabcf281cf0fe59623a0c774

SHA512
0df677459ce64c61aa109aeabcf8f91e5a19a98ddc3426818d5cb256e05abab604b2455296e83fd4687798f6f241d470af431ac9e153df95283186c28c3ab4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
49KB

MD5
6983568534e8cd4d346a2638a0892bf2

SHA1
2df1d616ae8f4989dbe9427848e5974b195e0a5a

SHA256
02043e5d2b23f9582ee2645e55ac26e556496bf25f15d146eda049af1f8553b6

SHA512
11a02ae3e51eea6768f8274178feae2da5398e6c5f62a5d34146ca7edbdd484ff85e59a2e1c61a8c0e1a1eda8af8f9fe9d5470cd357c2b424719b41eb7effce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4f7ecae72542c79e6231dfc39cee7088

SHA1
53109a12e1f0d039502c6c620a3c161897ec5e0b

SHA256
785c9087d45cbd3948ed3fb521fdf986b197feef2dcfb2a013008c713bb21d94

SHA512
36103ef5245201db8720f59087bc37d745f8b59e048f92302ec12fee552b8bb674e6de3942e7f52d9aaea8be123b479a685ac86d3477cad08035170ea697681d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
33ba2e8867139938762096c1ff0aa371

SHA1
736ba60ccfaad8b0ef5b32d1e67b129bf46d86c2

SHA256
062fecf5cdefd5bae54cc59415092bcfa398c3811c827fcbe22265212b7b423a

SHA512
6f0b7d2025504babf3325c35fdce57000aa34c819631f922a49c786b44f4b54df5b4eb0e64dc3d0ba75775122d5a71cf3b6eed614a528b86de3c33a18fee7833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
46b1be83fef0e26cc0351f3293e0b05a

SHA1
e9dc0759d602da8c1726bea68f074ca761f61bbb

SHA256
8497b7ab8e0fbb4802c698cad55a138e7cc17782a5439d9eda89a30e4565d97e

SHA512
a818e580c9afbf2d8de41c35d0a35e24e22ce4c4e5de9fd68c5defd178f795d2195526abc17e22201759f3b3632ae084d4e924f6405a090da47c24028a92aca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
98ec2bb528701e19d3520363ed0f6247

SHA1
2e440face9b5d5eff134949b185cae0298a8f8ce

SHA256
5a74534605886dce5014a2e33f1e7d8b27427b6eff028d0bfd1e3cef0cfcf7bf

SHA512
c3c9a8384dcd91b87fa644af64f9e848c3313006df12871f720202ba12507cc1df78f1ee74ff9394a79b661fae3e35a7870e43e4b2fa758d3925aaa43d768c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
25e0cd14d7799ae9feb5b2bc2779653e

SHA1
d36279ef3a8281e69e0940f64d63696f8854aae0

SHA256
b9fba664db15fa0ca69a1ec46a181e7a3730dcb408e52c816c7b4a4ee5a16fcb

SHA512
fe380178cd7c5012070c37426cc140dbe408e7947b8bfe61caa3603cc91fdfd6fe92bad050101f13cd97496443dedbf057befa51c9acff2e2ec3d6169cd496a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5384e05df76580b7778b0b7723806040

SHA1
a1a70b6900d32f27d392c7f8bd7898b75d7d7a13

SHA256
664415ee9f32ebdc5787e5d8d9c2688a0077a5a1d030c69cbc407460e6b2a04e

SHA512
779ae7b3f98a70f594d73545f36d4baae09b32da60185e6518d83aaaed5a9a3db292697d6bf8c835d296a457866b2f9c2597d36d30e92ebfe6af606b3785c226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8ad3f77311e173e21f32dc7cadf58bf0

SHA1
2abd0f133ea3e847670ffa41d49612fb73315bb9

SHA256
6043f463183bd40e25d40bddffa068e7120ac939f518bccc295c10a9359f7b3e

SHA512
e4eb589b0cdc3df3333d940bef5807f7331c62468a298fbdc5c223a8f63db2419668ed6bf4c029ab8825ee7d8b1e162f94b6832671cf12b38787f88407bead76

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
91c68d5370c2ddb9b19ebfe367123611

SHA1
7f6ddfecb415445b979fdc79554897e76aa38537

SHA256
947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

SHA512
ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
91c68d5370c2ddb9b19ebfe367123611

SHA1
7f6ddfecb415445b979fdc79554897e76aa38537

SHA256
947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

SHA512
ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
91c68d5370c2ddb9b19ebfe367123611

SHA1
7f6ddfecb415445b979fdc79554897e76aa38537

SHA256
947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

SHA512
ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
234a511524f859e774e432a3af7d45b1

SHA1
6c0d38b9ee2d5b1834fc303190c49f2e630abe47

SHA256
4a23e6ef602ec4f2a07b5c8d28e7d224f29cdef1c35ac825dd6d9c630937d189

SHA512
095a42bd98fe22d4fd98715e59ba03939cd494d700181c8e83b7989e29f95569db48d0b4597d66c078f45e08a994f391fde91859f079375356b16aa237c9683a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads