Analysis

  • max time kernel
    1758s
  • max time network
    1632s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2023, 18:47

General

  • Target

    Chinese-Rat.rar

  • Size

    235.1MB

  • MD5

    37f249f004fcb1a0c5457fed3defd662

  • SHA1

    26befe465eaebcfa026f97dc87f4327857b54d0a

  • SHA256

    7f16bbad32fe87a9dbaf60d0958428192dc9b118df58e7d941ade00a56c8951a

  • SHA512

    dddab9f58147f56c3247526145529143afc0c2f5e57eacb3bf0e1b63770b527ba963972e01481c4f775bb677a86d16cbcf7f34b7bc6a2fe57c2cf5f9bf66191d

  • SSDEEP

    6291456:l5JvhykkRm0yP8SkD0StzoBeO0i+T8Ldu:l5JLd78wStzo50ig8xu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2672
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:1372
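Reading the tree: the sandbox launched the submission with `cmd /c <file>`, which asks the shell to open it by file association. The guest evidently has no handler registered for `.rar`, so the shell fell through to `shell32.dll,OpenAs_RunDLL` (the "Open with" dialog) and the pick landed on VLC, which received the archive as a plain file path (`--started-from-file`). The archive was never extracted and nothing inside it ran; the behaviours recorded under vlc.exe (clipboard format listener, `SetWindowsHookEx`, tray-window lookups) are VLC's normal GUI start-up, consistent with the low score. A useful resubmission would extract the archive and submit the contained executable instead. The following is an added example, not code from the sandbox or from this report: it parses the tree as rendered above, resolves parent/child relationships from the `N⤵` depth markers, and flags exactly this hand-off chain so a triage script can mark the run as a null result. The paths, PIDs and signature bullets are copied from the report; `REPORT_TREE`, `parse_tree`, `ancestry` and `opened_via_openas` are my own names.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the process tree from this report, copied as the sandbox
# renders it (image path, command line, "<depth>⤵" marker, signature bullets, PID).
REPORT_TREE = r"""
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar
1⤵
• Suspicious use of WriteProcessMemory
PID:2364
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar
2⤵
• Modifies registry class
• Suspicious use of WriteProcessMemory
PID:2740
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Chinese-Rat.rar"
3⤵
• Suspicious behavior: AddClipboardFormatListener
• Suspicious use of SetWindowsHookEx
PID:2672
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1372
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int
    parent: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_tree(text: str) -> List[Proc]:
    """Turn the rendered tree into Proc records and resolve parents from the depth markers."""
    procs: List[Proc] = []
    pending: List[str] = []      # image path, then command line, of the record being read
    depth: Optional[int] = None
    sigs: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DEPTH_RE.match(line)):
            depth = int(m.group(1))
        elif line.startswith("•"):
            sigs.append(line[1:].strip())
        elif (m := PID_RE.match(line)):
            if len(pending) != 2 or depth is None:
                raise ValueError(f"malformed record ending at {line}")
            procs.append(Proc(pending[0], pending[1], depth, int(m.group(1)), signatures=sigs))
            pending, depth, sigs = [], None, []
        else:
            pending.append(line)
    # A record's parent is the nearest preceding record with a smaller depth.
    stack: List[Proc] = []
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        p.parent = stack[-1].pid if stack else None
        stack.append(p)
    return procs


def ancestry(procs: List[Proc], pid: int) -> List[str]:
    """Image file names from the root process down to `pid`."""
    by_pid = {p.pid: p for p in procs}
    names: List[str] = []
    cur = by_pid.get(pid)
    while cur is not None:
        names.append(cur.image.rsplit("\\", 1)[-1])
        cur = by_pid.get(cur.parent)
    return names[::-1]


def opened_via_openas(procs: List[Proc], target: str) -> Optional[str]:
    """Return the image of the viewer that received `target` through the
    shell32 OpenAs_RunDLL ("Open with") hand-off, or None if the target was
    launched some other way. A non-None result means the file was handed to an
    unrelated application as a document path, not executed or extracted."""
    t = target.lower()
    for p in procs:
        cmd = p.cmdline.lower()
        if "openas_rundll" not in cmd or t not in cmd:
            continue
        for child in procs:
            if child.parent == p.pid and t in child.cmdline.lower():
                return child.image
    return None


if __name__ == "__main__":
    tree = parse_tree(REPORT_TREE)
    for p in tree:
        print(f"{p.pid:>5} parent={p.parent} {' -> '.join(ancestry(tree, p.pid))}")
    print("viewer that received the sample:", opened_via_openas(tree, "Chinese-Rat.rar"))
```

The depth-stack resolution is what makes the check robust: it does not rely on the sandbox printing children directly under parents, only on the depth counter, so a sibling at the same level (explorer.exe here) correctly pops back to the root.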

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2672-29-0x000000013FA10000-0x000000013FB08000-memory.dmp  Filesize: 992KB
  • memory/2672-30-0x000007FEFAA90000-0x000007FEFAAC4000-memory.dmp  Filesize: 208KB
  • memory/2672-32-0x000007FEFB750000-0x000007FEFB768000-memory.dmp  Filesize: 96KB
  • memory/2672-31-0x000007FEF5E70000-0x000007FEF6124000-memory.dmp  Filesize: 2.7MB
  • memory/2672-33-0x000007FEFA7B0000-0x000007FEFA7C7000-memory.dmp  Filesize: 92KB
  • memory/2672-34-0x000007FEFA790000-0x000007FEFA7A1000-memory.dmp  Filesize: 68KB
  • memory/2672-36-0x000007FEFA750000-0x000007FEFA761000-memory.dmp  Filesize: 68KB
  • memory/2672-35-0x000007FEFA770000-0x000007FEFA787000-memory.dmp  Filesize: 92KB
  • memory/2672-37-0x000007FEF7650000-0x000007FEF766D000-memory.dmp  Filesize: 116KB
  • memory/2672-38-0x000007FEF73C0000-0x000007FEF73D1000-memory.dmp  Filesize: 68KB
  • memory/2672-39-0x000007FEF5C70000-0x000007FEF5E70000-memory.dmp  Filesize: 2.0MB
  • memory/2672-40-0x000007FEF4BC0000-0x000007FEF5C6B000-memory.dmp  Filesize: 16.7MB
  • memory/2672-41-0x000007FEF7380000-0x000007FEF73BF000-memory.dmp  Filesize: 252KB
  • memory/2672-42-0x000007FEF6E40000-0x000007FEF6E61000-memory.dmp  Filesize: 132KB
  • memory/2672-43-0x000007FEF6E20000-0x000007FEF6E38000-memory.dmp  Filesize: 96KB
  • memory/2672-44-0x000007FEF6E00000-0x000007FEF6E11000-memory.dmp  Filesize: 68KB
  • memory/2672-45-0x000007FEF6DE0000-0x000007FEF6DF1000-memory.dmp  Filesize: 68KB
  • memory/2672-47-0x000007FEF6850000-0x000007FEF686B000-memory.dmp  Filesize: 108KB
  • memory/2672-46-0x000007FEF6DC0000-0x000007FEF6DD1000-memory.dmp  Filesize: 68KB
  • memory/2672-48-0x000007FEF6830000-0x000007FEF6841000-memory.dmp  Filesize: 68KB
  • memory/2672-50-0x000007FEF67E0000-0x000007FEF6810000-memory.dmp  Filesize: 192KB
  • memory/2672-49-0x000007FEF6810000-0x000007FEF6828000-memory.dmp  Filesize: 96KB
  • memory/2672-51-0x000007FEF4B50000-0x000007FEF4BB7000-memory.dmp  Filesize: 412KB
  • memory/2672-52-0x000007FEF49E0000-0x000007FEF4A4F000-memory.dmp  Filesize: 444KB
  • memory/2672-53-0x000007FEF4B30000-0x000007FEF4B41000-memory.dmp  Filesize: 68KB
  • memory/2672-54-0x000007FEF4980000-0x000007FEF49D6000-memory.dmp  Filesize: 344KB
  • memory/2672-55-0x000007FEF4950000-0x000007FEF4978000-memory.dmp  Filesize: 160KB
  • memory/2672-56-0x000007FEF4920000-0x000007FEF4944000-memory.dmp  Filesize: 144KB
  • memory/2672-57-0x000007FEF4900000-0x000007FEF4917000-memory.dmp  Filesize: 92KB
  • memory/2672-58-0x000007FEF48D0000-0x000007FEF48F3000-memory.dmp  Filesize: 140KB
  • memory/2672-59-0x000007FEF48B0000-0x000007FEF48C1000-memory.dmp  Filesize: 68KB
  • memory/2672-60-0x000007FEF4890000-0x000007FEF48A2000-memory.dmp  Filesize: 72KB
  • memory/2672-61-0x000007FEF47C0000-0x000007FEF47E1000-memory.dmp  Filesize: 132KB
  • memory/2672-62-0x000007FEF47A0000-0x000007FEF47B3000-memory.dmp  Filesize: 76KB
  • memory/2672-63-0x000007FEF4780000-0x000007FEF4792000-memory.dmp  Filesize: 72KB
  • memory/2672-64-0x000007FEF4640000-0x000007FEF477B000-memory.dmp  Filesize: 1.2MB
  • memory/2672-65-0x000007FEF3FE0000-0x000007FEF400C000-memory.dmp  Filesize: 176KB
  • memory/2672-66-0x000007FEF39D0000-0x000007FEF3B82000-memory.dmp  Filesize: 1.7MB
  • memory/2672-67-0x000007FEF3870000-0x000007FEF38CC000-memory.dmp  Filesize: 368KB
  • memory/2672-68-0x000007FEF3770000-0x000007FEF3781000-memory.dmp  Filesize: 68KB
  • memory/2672-69-0x000007FEF36A0000-0x000007FEF3737000-memory.dmp  Filesize: 604KB
  • memory/2672-70-0x000007FEF3680000-0x000007FEF3692000-memory.dmp  Filesize: 72KB
  • memory/2672-71-0x000007FEF3440000-0x000007FEF3671000-memory.dmp  Filesize: 2.2MB
  • memory/2672-72-0x000007FEF3170000-0x000007FEF3282000-memory.dmp  Filesize: 1.1MB
  • memory/2672-73-0x000007FEF3130000-0x000007FEF3165000-memory.dmp  Filesize: 212KB
  • memory/2672-74-0x000007FEF3100000-0x000007FEF3125000-memory.dmp  Filesize: 148KB
  • memory/2672-75-0x000007FEF30E0000-0x000007FEF30F1000-memory.dmp  Filesize: 68KB
  • memory/2672-76-0x000007FEF3070000-0x000007FEF30D1000-memory.dmp  Filesize: 388KB
  • memory/2672-77-0x000007FEF3050000-0x000007FEF3061000-memory.dmp  Filesize: 68KB
  • memory/2672-78-0x000007FEF3030000-0x000007FEF3042000-memory.dmp  Filesize: 72KB
  • memory/2672-79-0x000007FEF3010000-0x000007FEF3023000-memory.dmp  Filesize: 76KB
  • memory/2672-80-0x000007FEF2F70000-0x000007FEF300F000-memory.dmp  Filesize: 636KB
  • memory/2672-81-0x000007FEF2F50000-0x000007FEF2F61000-memory.dmp  Filesize: 68KB
  • memory/2672-82-0x000007FEF2E40000-0x000007FEF2F42000-memory.dmp  Filesize: 1.0MB
  • memory/2672-83-0x000007FEF2E20000-0x000007FEF2E31000-memory.dmp  Filesize: 68KB
  • memory/2672-84-0x000007FEF2E00000-0x000007FEF2E11000-memory.dmp  Filesize: 68KB
  • memory/2672-85-0x000007FEF2DE0000-0x000007FEF2DF1000-memory.dmp  Filesize: 68KB
  • memory/2672-86-0x000007FEF2DC0000-0x000007FEF2DD2000-memory.dmp  Filesize: 72KB
  • memory/2672-87-0x000007FEF2DA0000-0x000007FEF2DB8000-memory.dmp  Filesize: 96KB
  • memory/2672-88-0x000007FEF2D80000-0x000007FEF2D96000-memory.dmp  Filesize: 88KB
  • memory/2672-89-0x000007FEF2D50000-0x000007FEF2D79000-memory.dmp  Filesize: 164KB
  • memory/2672-90-0x000007FEF2D30000-0x000007FEF2D42000-memory.dmp  Filesize: 72KB
  • memory/2672-91-0x000007FEF2D10000-0x000007FEF2D21000-memory.dmp  Filesize: 68KB
  • memory/2672-92-0x000007FEF2CF0000-0x000007FEF2D01000-memory.dmp  Filesize: 68KB
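Every dump above comes from PID 2672 (vlc.exe). The file name encodes `memory/<pid>-<sequence>-<start>-<end>-memory.dmp`, and the Filesize the report prints is simply the length of that virtual address range (for example 0x13FB08000 - 0x13FA10000 = 0xF8000 bytes = 992KB). The first region sits where a Win7 x64 ASLR'd main executable lands (just above 4 GiB); the rest fall in the 0x7FE... range where DLLs are mapped, which is consistent with VLC loading its own libraries and plugins rather than with anything unpacked from the archive. The following is an added example, not part of the report or of any sandbox tooling: it parses the dump names, recomputes each size from the range, checks it against the listed value, and verifies that the ranges do not overlap. The six entries in `DUMPS` are copied from the list above; the region classification in `region_kind` is a heuristic assumption of mine about this guest's address layout, not sandbox metadata, and all function names are my own.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed subset of the dump list in this report: names copied verbatim,
# paired with the Filesize the report prints for each.
DUMPS = [
    ("memory/2672-29-0x000000013FA10000-0x000000013FB08000-memory.dmp", "992KB"),
    ("memory/2672-30-0x000007FEFAA90000-0x000007FEFAAC4000-memory.dmp", "208KB"),
    ("memory/2672-31-0x000007FEF5E70000-0x000007FEF6124000-memory.dmp", "2.7MB"),
    ("memory/2672-40-0x000007FEF4BC0000-0x000007FEF5C6B000-memory.dmp", "16.7MB"),
    ("memory/2672-82-0x000007FEF2E40000-0x000007FEF2F42000-memory.dmp", "1.0MB"),
    ("memory/2672-92-0x000007FEF2CF0000-0x000007FEF2D01000-memory.dmp", "68KB"),
]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
PAGE = 0x1000  # region boundaries from the sandbox are page-aligned


class Dump(NamedTuple):
    pid: int
    seq: int
    start: int
    end: int


def parse_dump_name(name: str) -> Dump:
    """Parse memory/<pid>-<seq>-<start>-<end>-memory.dmp and reject malformed ranges."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox dump name: {name}")
    d = Dump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))
    if d.end <= d.start or d.start % PAGE or d.end % PAGE:
        raise ValueError(f"bad or unaligned range in {name}")
    return d


def human_size(nbytes: int) -> str:
    """Reproduce the report's Filesize rendering: whole KiB below 1 MiB, else one-decimal MiB."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def region_kind(d: Dump) -> str:
    """Heuristic (my assumption for illustration, not sandbox metadata): on this
    Win7 x64 guest an ASLR'd main executable maps just above 4 GiB (0x1_3F......)
    and DLLs map in the 0x7FE......... range below the user-mode limit."""
    top = d.start >> 32
    if top == 0x1:
        return "exe image"
    if top == 0x7FE:
        return "dll"
    return "other"


def audit(entries: List[Tuple[str, str]]):
    """Recompute each dump's size from its address range and compare with the listed Filesize."""
    rows = []
    for name, listed in entries:
        d = parse_dump_name(name)
        computed = human_size(d.end - d.start)
        rows.append((d, region_kind(d), computed, listed, computed == listed))
    return rows


def overlaps(entries: List[Tuple[str, str]]) -> List[Tuple[Dump, Dump]]:
    """Pairs of dumps whose ranges overlap; one consistent snapshot of a process should yield none."""
    ds = sorted((parse_dump_name(n) for n, _ in entries), key=lambda d: d.start)
    return [(a, b) for a, b in zip(ds, ds[1:]) if b.start < a.end]


if __name__ == "__main__":
    for d, kind, computed, listed, ok in audit(DUMPS):
        print(f"seq {d.seq:>2} {kind:<9} {computed:>7} listed {listed:>7} {'ok' if ok else 'MISMATCH'}")
    print("overlapping ranges:", overlaps(DUMPS))
```

A size mismatch or an overlapping pair would mean the listing was not taken from a single consistent snapshot (or that a name was mangled in transit), which is worth knowing before you load any of these dumps into a disassembler and trust the addresses.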