d4775b393a68e53dc10dd0014c2462d47500691fc5a5da03b6fd0cee976db70b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

255331d90cac5d90f3afa0aa6213cc61.exe
Size

583KB
MD5

255331d90cac5d90f3afa0aa6213cc61
SHA1

56f957954b7a8aa88953f63cc083d6e330928ba3
SHA256

d4775b393a68e53dc10dd0014c2462d47500691fc5a5da03b6fd0cee976db70b
SHA512

451bed22b5e0bbaefaf159c7ac1b425798f456686598736f27a716286972192d8f455c84b9ee7313ddba719f5ccc14fdd726f28ffa91b425172f915a5a568c80
SSDEEP

12288:HfKJ/Hwpl2tJHBHF3Z4mxxXXF/jhERUum:HeRHQmXHF/VCUum

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2832	rain.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rain.exe	255331d90cac5d90f3afa0aa6213cc61.exe
File opened for modification	C:\Windows\rain.exe	255331d90cac5d90f3afa0aa6213cc61.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	rain.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	rain.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	rain.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	rain.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	rain.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	255331d90cac5d90f3afa0aa6213cc61.exe
Token: SeDebugPrivilege	2832	rain.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2832	rain.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4408	2832	rain.exe	28
PID 2832 wrote to memory of 4408	2832	rain.exe	28

C:\Users\Admin\AppData\Local\Temp\255331d90cac5d90f3afa0aa6213cc61.exe
"C:\Users\Admin\AppData\Local\Temp\255331d90cac5d90f3afa0aa6213cc61.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2008

C:\Program Files\Internet Explorer\IexplOrE.EXE
"C:\Program Files\Internet Explorer\IexplOrE.EXE"
1⤵
PID:4408

C:\Windows\rain.exe
C:\Windows\rain.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\rain.exe

Filesize
583KB

MD5
255331d90cac5d90f3afa0aa6213cc61

SHA1
56f957954b7a8aa88953f63cc083d6e330928ba3

SHA256
d4775b393a68e53dc10dd0014c2462d47500691fc5a5da03b6fd0cee976db70b

SHA512
451bed22b5e0bbaefaf159c7ac1b425798f456686598736f27a716286972192d8f455c84b9ee7313ddba719f5ccc14fdd726f28ffa91b425172f915a5a568c80

Download Submit
C:\Windows\rain.exe

Filesize
92KB

MD5
bd433f174ec26d51f22cccd68f1ef5d2

SHA1
011f14bf98213fe5d8e50dd0fd31e54629e5e0c3

SHA256
c84a5585e7e137be7ce468a5c4de2b36bfbcb75cdacb931124d4edb68c05e1d5

SHA512
95d2dce8180f263132b6a87c083e01e36b37db567d9d9b2c25e1ce430b78fdb6713844d1f6bfdb79eb42111cecbb1315bba19c6909f82d9cdf537a6e5be4b943

Download Submit
memory/2008-0-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/2008-1-0x0000000000A80000-0x0000000000AD4000-memory.dmp

Filesize
336KB

Download
memory/2008-11-0x00000000033D0000-0x000000000347F000-memory.dmp

Filesize
700KB

Download
memory/2008-20-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2008-19-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-18-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-17-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-16-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-15-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-14-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-13-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-12-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2008-10-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/2008-9-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2008-8-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2008-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2008-6-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/2008-5-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2008-4-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2008-3-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2008-2-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2008-88-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/2832-31-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-38-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-43-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-50-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-57-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-63-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-67-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-66-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-65-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-64-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-62-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-61-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-60-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-59-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-58-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-56-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-55-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-54-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-53-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-52-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-51-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-49-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-48-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-47-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-46-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-45-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-44-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-42-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-41-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-40-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-39-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-37-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-36-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-35-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-34-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-33-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-32-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-30-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-29-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-28-0x0000000002080000-0x0000000002180000-memory.dmp

Filesize
1024KB

Download
memory/2832-27-0x0000000002080000-0x000000000212F000-memory.dmp

Filesize
700KB

Download
memory/2832-26-0x0000000000930000-0x0000000000984000-memory.dmp

Filesize
336KB

Download
memory/2832-25-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download