d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17-11-2023 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Size

1.0MB
MD5

f3053c9ad88afc35522cc235b2b52dab
SHA1

eb37bb355c834f6bfb31eef8f0f7fab14596f5d3
SHA256

d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872
SHA512

29fbd493cfe7baaceb44bb44f1af11773c4c3b03ccb7325d637430b8f9cabf1d16e69e29bf2172f85da4a35dfbce7f0926a13f3b6728410eb25fe0ac0346b39c
SSDEEP

24576:JdPuNgC18loTWIgLYeuQaTjCjsyYPDsseHtHwKrinMMMMMM+v:PuWu8CDgLYOsTHMMMMMM

Score

7^/10

persistence

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 4 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP 压缩文件"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe,1"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR 恢复卷"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR 压缩文件"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2664	d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe

C:\Users\Admin\AppData\Local\Temp\d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe
"C:\Users\Admin\AppData\Local\Temp\d5b139ac07be4142bf8d08c0361cbcf476aaa6e5843ce2fcaa1bec6d6a026872.exe"
1⤵
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-0-0x0000000001240000-0x00000000013A0000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads