Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

winrar-x64-622es.exe

windows7-x64

4

winrar-x64-622es.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2023, 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-622es.exe

  • Size

    3.5MB

  • MD5

    ea9d137316d35a62131b263fb33e210a

  • SHA1

    3869afdfe61b04d22468d887e6b0e0b84ac442c3

  • SHA256

    b9725bb7157d36cc8689d9227458b35e362e50c2b668606788007d3f84bd4818

  • SHA512

    ee27ec06e3b37da99c8dc02515b5ff1f6bd69409fa1a9217af7e94312f8b4ad5ccec9fb165ea459d4365d2030518488ca3ea892cd6b3c77848947a921615e4b8

  • SSDEEP

    98304:91BOBfK1OpxOCpZEPjGPVZDzt/a3Jz+VsTCwiZirioe1XZqKHa:91/keCpZCGPVZDzt/a3JSVxwaiRe+K6

Score
4/10
persistence

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 11 IoCs
  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-622es.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-622es.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Registers COM server for autorun
      • Modifies registry class
      PID:2748
  • C:\Program Files\WinRAR\WinRAR.exe
    "C:\Program Files\WinRAR\WinRAR.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Novedades.txt
    Filesize

    246KB

    MD5

    0999832788a1cfb29a89a0afd9fbad35

    SHA1

    20c8813f4ccc446fa298e5e2a33b2070177017ba

    SHA256

    4ee87a9a6e9be39e69f1775764debe283066e28c99de4d4db7596cdeb64c0541

    SHA512

    b1530b98aec0c8696455e3cfa109a5843a95e49f7d9c9d0a5a36f298ad1c126701e71eb7b56ca542b55ae60177e7a60b4b5b9f43fb93ae1b54ea696c8cd10c47

    Download Submit

  • C:\Program Files\WinRAR\Rar.txt
    Filesize

    248KB

    MD5

    56956df4b1b4c4e860133674929993ec

    SHA1

    587e6ad93aaac4e98af4ca3cab8a7982484fc526

    SHA256

    87fac26160f3a1ace1c560f6e706e03b6868be62f88b09ad98e5aa0b1dbc8a1b

    SHA512

    15643ed67c9c21d9e481c0862413a555bc0e00fdc4a46b63ed6462b30d9455b6ab17873718772a682f38bbefd0b32b148e2364838f464402dfc363a5e00fce23

    Download Submit

  • C:\Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    91c68d5370c2ddb9b19ebfe367123611

    SHA1

    7f6ddfecb415445b979fdc79554897e76aa38537

    SHA256

    947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

    SHA512

    ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

    Download Submit

  • C:\Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    91c68d5370c2ddb9b19ebfe367123611

    SHA1

    7f6ddfecb415445b979fdc79554897e76aa38537

    SHA256

    947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

    SHA512

    ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

    Download Submit

  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • C:\Program Files\WinRAR\uninstall.lng
    Filesize

    14KB

    MD5

    b8255ad49d1e2c326e39cb911f6d7962

    SHA1

    fd010e6317c11fcc5bf9dfa8f4aae0db35cf62f9

    SHA256

    9ffacbff74170fa2b60984db4e7c03042170266c83ace1ddec6b9001f4f668d5

    SHA512

    4db1854b4286ca60e03b56f7613c4d210863a552a5e30978818cee212017a28f686c04fd5b06da29f7c27b543579865f544ad2d01b290f2ee77b82badd9cc2fa

    Download Submit

  • C:\Program Files\WinRAR\winrar.chm
    Filesize

    364KB

    MD5

    c89e507678d97eeb985b513b1d3010a7

    SHA1

    73195ceb1b47fe340d92d66bb38c2c53ab6b7e51

    SHA256

    42acee478b1fd99b22fba43746072f23cda04209bd08d6e949695afd7d8bfaae

    SHA512

    1b55a36cbda3c382a82dbbcd8640199bdee97320630d3307034ad6948efcce4390c7fed0a6efe9b927001e61b9aab8738cfb1a70318b83d86c0036dde3c643c2

    Download Submit

  • C:\Program Files\WinRAR\winrar.lng
    Filesize

    192KB

    MD5

    082d36a996ed30b2486ec1b84ec416f1

    SHA1

    c0f45b077114211eb8af74680ba91f6d8f170c84

    SHA256

    a45e28addf6a198619ffa2303fb20e72a8046210544bbd2d6f42dbfd633833cc

    SHA512

    eaa722c6f29864c05dd5c3f5e23aceb40ed8addd8d43bcca34076a67653911a4d19fe34780509ef48c88f837418e183c0d37cf5716841fe46cb53540d361a7c9

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    91c68d5370c2ddb9b19ebfe367123611

    SHA1

    7f6ddfecb415445b979fdc79554897e76aa38537

    SHA256

    947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

    SHA512

    ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    91c68d5370c2ddb9b19ebfe367123611

    SHA1

    7f6ddfecb415445b979fdc79554897e76aa38537

    SHA256

    947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

    SHA512

    ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    437KB

    MD5

    91c68d5370c2ddb9b19ebfe367123611

    SHA1

    7f6ddfecb415445b979fdc79554897e76aa38537

    SHA256

    947af82f7a867ef4c030bee07737aeb6ea4119be56a957ca7b194706c65e4c72

    SHA512

    ec5b43f757bb3623d8275b38e7d6dda695661df06ddbff001f1970f5d53509a269e5b072eed942c943315709309a43d375286626edc48ef5df44b8ba9af16bb1

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.5MB

    MD5

    6f0f4184255d57ceb730f0d8e0ca6404

    SHA1

    2d7230a09080df9066edc6ffd9e63da1cc5a4aa4

    SHA256

    8dda6b401fb32726803e961a73d631f2ef2970904095baabea40188a90f5fd5c

    SHA512

    ad8251a458647f7228fa31cda5b8bbbca6449a7fa60366bf3b6b6a3ae4b50963a85646052b97456294fee4566bbe76b8a1a40fd7a9bc3e6d66b76101ad9121b9

    Download Submit