11a7dfe7553f163c7ac7fb20ef264253218f9c163bb971888d60ab9b5b4e60cb

Analysis

max time kernel
127s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar64.exe
Size

2.2MB
MD5

ece5dca87d315ada4404d82be660c934
SHA1

0b3bb3eae7be9ed184f2f5c627f8047ae6cec68c
SHA256

11a7dfe7553f163c7ac7fb20ef264253218f9c163bb971888d60ab9b5b4e60cb
SHA512

b2f9232912ef9bd7151e10ba5920e7a9a93ccc86b10fdc1904833fe2395836dfe07e07099a4649b07f8fc75fe7604662b08fa83694d2ae47d12862b00f2b5ea8
SSDEEP

49152:z1mqsk5P83kcteiVh7o1QnOKkR35M/o96Bj/ZhaPSp:zpPgoi81Q4R30ogp/jaPSp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2961826002-3968192592-354541192-1000\Software\Microsoft\Internet Explorer\Main	winrar64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1340	winrar64.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1340	winrar64.exe
1340	winrar64.exe

C:\Users\Admin\AppData\Local\Temp\winrar64.exe
"C:\Users\Admin\AppData\Local\Temp\winrar64.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...