Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

winrar-x64-624es.exe

windows7-x64

4

winrar-x64-624es.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    8s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-624es.exe

  • Size

    3.5MB

  • MD5

    1da8374156fc6492f06828e55ea4dc13

  • SHA1

    4923d045851434d65ce7c56b7e1bd73a08fc2305

  • SHA256

    c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b

  • SHA512

    445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2

  • SSDEEP

    98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G

Score
4/10
discoverypersistence

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Registers COM server for autorun
      • Modifies registry class
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Novedades.txt
    Filesize

    128KB

    MD5

    40b56840a002d058487e07ceab41ba25

    SHA1

    1f8c2103e7b40fcff025b4ceb26e9d5baa52601a

    SHA256

    028f24fd6f8b308fe973359cc8ca6c138e2b5a3aaa5b6cc706ff37d9e0d39134

    SHA512

    42bf7c2fc55f39642d2cdb766c21cace39cf2f8b3f56bc39d3441ef48f64e623a981875d063018fdd609dcb36718bf3a3f38d5a12bca46e532194ae452ec50ce

    Download Submit

  • C:\Program Files\WinRAR\Rar.txt
    Filesize

    203KB

    MD5

    cd2af595d614b5071a4b1fded545aae8

    SHA1

    f8ec4ccfd0a9edc874284ce81d0aa2b054f7f2e5

    SHA256

    701b9efce8896e9f22903c77b1da50e7d7553e014525cccf2a98301b3ffdbc77

    SHA512

    b55c9344b786e134aec9e04b310b7b177535f24914b7d871c78506ebf6eef0c431018685d27b832ccc9ca7bb68e7611170a44ebf912f4b43987f061d01a68d29

    Download Submit

  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    729KB

    MD5

    3c7883ec903374905b839538594d1497

    SHA1

    e4d0d786b5d44a7948b6b21bd6dbc9634aaca298

    SHA256

    b40af8e4f6680357d4b744a6f54b3048daf2ab59ec329f592678e8c9510a625f

    SHA512

    63ae5e46635145e63ad33b7b4cb31cacff0798dc535a4d5922a4364e592639f589c18b6f6e83bf235e1ffcf8d8ccc2445c5d227bfd5c737fd992c7cffc5c9250

    Download Submit

  • C:\Program Files\WinRAR\uninstall.lng
    Filesize

    14KB

    MD5

    64915bd350c1f039e8b3de24cb0921c8

    SHA1

    3bc59eb66c6b0c68a20460b7f41695e8503bb667

    SHA256

    150cf78526a7a4275398dee2c01abb4bf907e981ffa65acbedb03ad3983cfab9

    SHA512

    d72f2754ebc4932ee1c02cb213683bc088bb35d813303d61082f8bfb76d842e7ef32b05b2abe1935337bd61bacd15666f970fbad5c16fe4607a94dd8f12c9855

    Download Submit

  • C:\Program Files\WinRAR\winrar.chm
    Filesize

    342KB

    MD5

    323ae4c970e7c29a9958d505084cb75c

    SHA1

    e537e9cc8d53fdf852c8866d028e1468e2db27fc

    SHA256

    2c1a6ddceae55587247c9ea338dbb0be785376b75121c3887f25ac4f50f2be70

    SHA512

    0a7047221558f14897cb417c2751f8f733fc5d2da7ac89b0c9684274fab0d51aa8d155cfd6380f7f2096466449a37f8a35a81f185446fcafea908304f57fea65

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    429KB

    MD5

    62c61b5bc915f81c8038aa83ed1a3b01

    SHA1

    d6e611c6bbc3f878e551d12c876b597cb88c2dbc

    SHA256

    a4ed7c4c337c1068cfc4298b8c5e166a66a6f6697352b1f3df0b9c9b1428f353

    SHA512

    919b4294152403a3be25127fb078a26e540ba5335454e29f865340fb6121c18078e0d1acb5f5d2deb8b8375932eb7d27f472060595020a258ae9639479fbfe53

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    90KB

    MD5

    31093e7eccbd3e51280a5b47fcf302a8

    SHA1

    1543a5879af5dc0df0c1e413a2217065318ff637

    SHA256

    1a1d10d290225924977ef6b5e0fd6fac2946169eeb05c2b2cbab2cd680d41cd2

    SHA512

    8aeb89967721a67391ad554e13d70f0deeec9b8583721a2c7e83979f5c5605106514fd0060cbbd3c9333c166cc8e728609d5571c56989245aa2a25d07e601edb

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    1.6MB

    MD5

    277f6e6bbda4676e4015e57016ec5249

    SHA1

    06548fdcf070f6bfdb968d29996e8f7b1bff3a11

    SHA256

    c01f55c95ff59114d22ffb7d43b5e1f7e20d1b333a21422335a74a859082a5da

    SHA512

    b33ea11f7bcdd2b80dee53bddb43a8ca21578f667c154cc1b471169d3614897df1433353d39b3863868bda9dd7a5345a9076c0b243179fef3d0b85f51a96e4af

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    1.9MB

    MD5

    a10086a4fe916c7264c11b6ecbbc63ca

    SHA1

    45a2991b5954edd66ea3d27245a3c07bba67e2bb

    SHA256

    d72f837e32164336a48a909a8c5a5aa7818498921824e4ca81753cb9433268ac

    SHA512

    34fe3e1f9cefe5534de1c824c12e49c0e2eae5929eb7a84ddb44af3af08d33f048a9c0a257e19b6f07d387b82d0b7220598786407e60d6ec769985fed75cf569

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    169KB

    MD5

    88c08d1b9d7126004820a14d997c1d61

    SHA1

    89e0646620e6cadb5f707125a32a2804d5299ab6

    SHA256

    a1aef40c5cc82e45ea030558e1182e9b9635c7120837cfa7563c5f01937986f5

    SHA512

    5948f33c8e283651e017b2257354b61fb512e5c52c7f412925f78d6550db21429941e7378d8491c62d36ed20a0607e18f62e428f3bdfcf7529f74faea30ebfe1

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    136KB

    MD5

    d52c1717f3b17e6f999c90070daedeb4

    SHA1

    f4a0b9aaa083e2863042c942586e7a7bdd8fe490

    SHA256

    55d7612f6b6ee4734145f745f825bc648bf7484e445718b4094e0b7e1afaecba

    SHA512

    e114ee9603c6074777c8a3a10db6d954c8ff9fc75337c32bf4e7dce1f4b0c6c4deaede0c43e743d6d0c7515bf220c66a3a119b8cdec08f21662573ed3bbe7e81

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    2.4MB

    MD5

    437c59059419449ff4d7cc13e76f37d6

    SHA1

    4c9eccde7f86ff9ecdd2c87dee253ed449720cdc

    SHA256

    d6eb9206a59e2e128898337b3cd9bc6ac46cbac166005c4b22a462a33892612c

    SHA512

    f9030f70ce5b4d478998335d89e0f38b14385d0a60bd8424f33279d043d45216655b19ccf3e691c65a82895d6478dc8f0f82a0777fd6e4b1d825dac4157ba987

    Download Submit

  • \Program Files\WinRAR\WinRAR.exe
    Filesize

    1.4MB

    MD5

    9b884c13e7fd220267d9df9956480802

    SHA1

    716033bb6412a72e924eb65c5c1550a58b971155

    SHA256

    e47154b0744c1af0db9d9ba4c7322683fd57930cd8ada33b55da534b42c8ada0

    SHA512

    643a4740c3e10c8e4bbea826f78a459315d2b7e480ec9c381c8c679e4f28801738088c4afe46f1cf61869fe1370ae8d26719cb7a88144c02d153c488a33d83d6

    Download Submit