900a663fb206b74225e97e334c4a733ca870f29106f145044eeae77c08d0a44d

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

installer.exe
Size

149KB
MD5

2091e5a265c44da1b0a5de5bc112a6dc
SHA1

02d5489c5bb1b169238ff5d79d5a09982d15caa3
SHA256

900a663fb206b74225e97e334c4a733ca870f29106f145044eeae77c08d0a44d
SHA512

77de1388ec943f3f6539b408a7133b4bc16b0b5c86acd5a22640ea9e1831aac71d806ff81e1c77024bbe7a8aecc4238f92d6cc1cfc56b943d31ec6643289c91a
SSDEEP

3072:hZoZc+265eMjxdbKRcIu5A6Jdx7Y6mGxq:hZoZ/+u5A6Jdx7Y6mmq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	installer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1176	installer.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1176
- C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe
  "C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe"
  2⤵
  PID:2232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Flarial\Flarial.Launcher.exe

Filesize
180.8MB

MD5
c450047ac5f9d717c7db759145f1f0ac

SHA1
c26bddb08f8f37b83aa6b2ab44b4771ac7414074

SHA256
580f95efa28a290ddf084c6d3712c03a162a7f9f4c4a68b0d088e20458fa6a47

SHA512
10f8b14de401f6bc2f37ba84acb0da4882eed64b379f76fd6fd40d618ba5e99f902ec2949b4a125a769ecc2dacf7f5589ad2e9e528f5700c3d2da97b0cb53c57

Download Submit
C:\Users\Admin\AppData\Roaming\Flarial\latest.zip

Filesize
72.6MB

MD5
6d4970f4c3886491619be08a282ff842

SHA1
5bd14ab4516792cefd74fd15fe4ef6d416e8c790

SHA256
7516dc5bfffc0b7ed1314aa0eba57c520d8c6b2014cdd59699d81268c1973621

SHA512
9deb8751729ac34b5d001a36b1ff59fcacf9f5bfc4e3d8e83aa512470ca3a1f81599dde6f610c3fbee4b520988ea62ab75a71a66b799264ac63c732970516940

Download Submit