Overview

overview

4

Static

static

1

winrar-x64-624es.exe

windows7-x64

4

winrar-x64-624es.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    8s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 15:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-624es.exe

  • Size

    3.5MB

  • MD5

    1da8374156fc6492f06828e55ea4dc13

  • SHA1

    4923d045851434d65ce7c56b7e1bd73a08fc2305

  • SHA256

    c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b

  • SHA512

    445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2

  • SSDEEP

    98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G

Score
4/10
discoverypersistence

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Registers COM server for autorun
      • Modifies registry class
      PID:2764

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\WinRAR\Novedades.txt
          Filesize

          128KB

          MD5

          40b56840a002d058487e07ceab41ba25

          SHA1

          1f8c2103e7b40fcff025b4ceb26e9d5baa52601a

          SHA256

          028f24fd6f8b308fe973359cc8ca6c138e2b5a3aaa5b6cc706ff37d9e0d39134

          SHA512

          42bf7c2fc55f39642d2cdb766c21cace39cf2f8b3f56bc39d3441ef48f64e623a981875d063018fdd609dcb36718bf3a3f38d5a12bca46e532194ae452ec50ce

          Download Submit

        • C:\Program Files\WinRAR\Rar.txt
          Filesize

          203KB

          MD5

          cd2af595d614b5071a4b1fded545aae8

          SHA1

          f8ec4ccfd0a9edc874284ce81d0aa2b054f7f2e5

          SHA256

          701b9efce8896e9f22903c77b1da50e7d7553e014525cccf2a98301b3ffdbc77

          SHA512

          b55c9344b786e134aec9e04b310b7b177535f24914b7d871c78506ebf6eef0c431018685d27b832ccc9ca7bb68e7611170a44ebf912f4b43987f061d01a68d29

          Download Submit

        • C:\Program Files\WinRAR\WinRAR.exe
          Filesize

          729KB

          MD5

          3c7883ec903374905b839538594d1497

          SHA1

          e4d0d786b5d44a7948b6b21bd6dbc9634aaca298

          SHA256

          b40af8e4f6680357d4b744a6f54b3048daf2ab59ec329f592678e8c9510a625f

          SHA512

          63ae5e46635145e63ad33b7b4cb31cacff0798dc535a4d5922a4364e592639f589c18b6f6e83bf235e1ffcf8d8ccc2445c5d227bfd5c737fd992c7cffc5c9250

          Download Submit

        • C:\Program Files\WinRAR\uninstall.lng
          Filesize

          14KB

          MD5

          64915bd350c1f039e8b3de24cb0921c8

          SHA1

          3bc59eb66c6b0c68a20460b7f41695e8503bb667

          SHA256

          150cf78526a7a4275398dee2c01abb4bf907e981ffa65acbedb03ad3983cfab9

          SHA512

          d72f2754ebc4932ee1c02cb213683bc088bb35d813303d61082f8bfb76d842e7ef32b05b2abe1935337bd61bacd15666f970fbad5c16fe4607a94dd8f12c9855

          Download Submit

        • C:\Program Files\WinRAR\winrar.chm
          Filesize

          342KB

          MD5

          323ae4c970e7c29a9958d505084cb75c

          SHA1

          e537e9cc8d53fdf852c8866d028e1468e2db27fc

          SHA256

          2c1a6ddceae55587247c9ea338dbb0be785376b75121c3887f25ac4f50f2be70

          SHA512

          0a7047221558f14897cb417c2751f8f733fc5d2da7ac89b0c9684274fab0d51aa8d155cfd6380f7f2096466449a37f8a35a81f185446fcafea908304f57fea65

          Download Submit

        • \Program Files\WinRAR\Uninstall.exe
          Filesize

          429KB

          MD5

          62c61b5bc915f81c8038aa83ed1a3b01

          SHA1

          d6e611c6bbc3f878e551d12c876b597cb88c2dbc

          SHA256

          a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353

          SHA512

          919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53

          Download Submit

        • \Program Files\WinRAR\Uninstall.exe
          Filesize

          90KB

          MD5

          31093e7eccbd3e51280a5b47fcf302a8

          SHA1

          1543a5879af5dc0df0c1e413a2217065318ff637

          SHA256

          1a1d10d290225924977ef6b5e0fd6fac2946169eeb05c2b2cbab2cd680d41cd2

          SHA512

          8aeb89967721a67391ad554e13d70f0deeec9b8583721a2c7e83979f5c5605106514fd0060cbbd3c9333c166cc8e728609d5571c56989245aa2a25d07e601edb

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          1.6MB

          MD5

          277f6e6bbda4676e4015e57016ec5249

          SHA1

          06548fdcf070f6bfdb968d29996e8f7b1bff3a11

          SHA256

          c01f55c95ff59114d22ffb7d43b5e1f7e20d1b333a21422335a74a859082a5da

          SHA512

          b33ea11f7bcdd2b80dee53bddb43a8ca21578f667c154cc1b471169d3614897df1433353d39b3863868bda9dd7a5345a9076c0b243179fef3d0b85f51a96e4af

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          1.9MB

          MD5

          a10086a4fe916c7264c11b6ecbbc63ca

          SHA1

          45a2991b5954edd66ea3d27245a3c07bba67e2bb

          SHA256

          d72f837e32164336a48a909a8c5a5aa7818498921824e4ca81753cb9433268ac

          SHA512

          34fe3e1f9cefe5534de1c824c12e49c0e2eae5929eb7a84ddb44af3af08d33f048a9c0a257e19b6f07d387b82d0b7220598786407e60d6ec769985fed75cf569

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          169KB

          MD5

          88c08d1b9d7126004820a14d997c1d61

          SHA1

          89e0646620e6cadb5f707125a32a2804d5299ab6

          SHA256

          a1aef40c5cc82e45ea030558e1182e9b9635c7120837cfa7563c5f01937986f5

          SHA512

          5948f33c8e283651e017b2257354b61fb512e5c52c7f412925f78d6550db21429941e7378d8491c62d36ed20a0607e18f62e428f3bdfcf7529f74faea30ebfe1

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          136KB

          MD5

          d52c1717f3b17e6f999c90070daedeb4

          SHA1

          f4a0b9aaa083e2863042c942586e7a7bdd8fe490

          SHA256

          55d7612f6b6ee4734145f745f825bc648bf7484e445718b4094e0b7e1afaecba

          SHA512

          e114ee9603c6074777c8a3a10db6d954c8ff9fc75337c32bf4e7dce1f4b0c6c4deaede0c43e743d6d0c7515bf220c66a3a119b8cdec08f21662573ed3bbe7e81

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          2.4MB

          MD5

          437c59059419449ff4d7cc13e76f37d6

          SHA1

          4c9eccde7f86ff9ecdd2c87dee253ed449720cdc

          SHA256

          d6eb9206a59e2e128898337b3cd9bc6ac46cbac166005c4b22a462a33892612c

          SHA512

          f9030f70ce5b4d478998335d89e0f38b14385d0a60bd8424f33279d043d45216655b19ccf3e691c65a82895d6478dc8f0f82a0777fd6e4b1d825dac4157ba987

          Download Submit

        • \Program Files\WinRAR\WinRAR.exe
          Filesize

          1.4MB

          MD5

          9b884c13e7fd220267d9df9956480802

          SHA1

          716033bb6412a72e924eb65c5c1550a58b971155

          SHA256

          e47154b0744c1af0db9d9ba4c7322683fd57930cd8ada33b55da534b42c8ada0

          SHA512

          643a4740c3e10c8e4bbea826f78a459315d2b7e480ec9c381c8c679e4f28801738088c4afe46f1cf61869fe1370ae8d26719cb7a88144c02d153c488a33d83d6

          Download Submit