Analysis

  • max time kernel: 44s
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/03/2024, 16:29

General

  • Target: winrar-x64-700.exe
  • Size: 3.8MB
  • MD5: 48deabfacb5c8e88b81c7165ed4e3b0b
  • SHA1: de3dab0e9258f9ff3c93ab6738818c6ec399e6a4
  • SHA256: ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24
  • SHA512: d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af
  • SSDEEP: 98304:sWaWOBfKnlSXdgRgopW/r+N5op154iXEBdbwUoy60518ymXM2mGm:xamnqdgyoE+noL54u2wUoylrVmlw

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory (60 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (7 IoCs)
  • Modifies system executable filetype association (2 TTPs, 8 IoCs)
  • Registers COM server for autorun (1 TTP, 3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Modifies registry class (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Registers COM server for autorun
      • Modifies registry class
      PID:2428

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\WinRAR\Rar.txt
    Filesize: 105KB
    MD5: fc13e375f3144a55adfb46f342778447
    SHA1: f2e716a60f6371eeba55fbcc90c3b8b7c14eb4a4
    SHA256: 7511c100daa946175efc18082d1923518bf1bfc8c1a80ea0252af585fbe295b5
    SHA512: 8ca4a0ecc0d55d29a8ff291afb8cdffbf4a949d0979ffe2e262465db8e8c7dc30837a4ea17c163fea1902ed0bebb5a937eafc179d25f6ce1fc747f6309181e40

  • C:\Program Files\WinRAR\WhatsNew.txt
    Filesize: 43KB
    MD5: 2b9e0d72411ef328313c0c703d76854c
    SHA1: 6f52c400fb211181985cd28330a173b74af0a685
    SHA256: c13db7e2b3fb2430a10abf78efcc2a6fb0ca1dd7d18c9d7b28c09a41238d7157
    SHA512: ce71a9a84ac9f4da74bda7653a150a8b950e5da95cd708de266fb33506054aafd12b35ac3d28e0569f3c298967db4a3c5581d184a3d320bed6122bea1e1cc741

  • C:\Program Files\WinRAR\WinRAR.chm
    Filesize: 316KB
    MD5: 9a61f439dc229638f26846c69183043a
    SHA1: f35c4c41272311853833b71cec963fd92637638f
    SHA256: 0879cdd9d81b1cb319692dde76bf3a3c16369ddc33f006ffb199ed08d57bfa18
    SHA512: 0da8117c3040b7d9fcca29e424612176603880a3c1985d45d8b7ec90ef2349dc910b89aa539b69b6d35e786553194b8e510e928a5fbeaf4450d5ad5ee40f3416

  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize: 3.1MB
    MD5: 5c854dcce18e265addab39558db96a02
    SHA1: 151c8b4295630a71f2c1bed76326055100378b66
    SHA256: ddc4f274cdec3954acefb624ed3fc7a8f8c5fed767934bb028a85db62b781fb1
    SHA512: de26ef2f1bc0a910f43fbb874cf87ac1d892bcc2c220d4850970be5ebdd208f426eee5250088b8e3b57431bd9aa31ff120022e72173cc2fdaeecd894a6c03a00

  • \Program Files\WinRAR\RarExt.dll
    Filesize: 634KB
    MD5: 3068ec5dc5fc098d27e2270366a7c4f6
    SHA1: 2b5a5abc33aaba8b49799e835798f027114e8507
    SHA256: fa913a43d99fd0af75959a176c08a6041004a511329d608510ae6ebd75c7ea8e
    SHA512: 46b199885da3e44fe6defb2358ce651bd166f99f42ff6ef09da19630c8380ebf43809fe08502652c70873e84f0f39ce7707028bdea0f750f5ced7893209c244d

  • \Program Files\WinRAR\Uninstall.exe
    Filesize: 477KB
    MD5: 0c52b3fb85bd6ec371183a4bfb0ec5ed
    SHA1: c756d66045e8b2603c1ad8fb3caf8d01efe48f9c
    SHA256: 4d24274b446a85edf45270b606b2a9f789d16ab84714e745512051bd192faad4
    SHA512: 7d3aaf09ee7ee50fe542a17818797ea1b0cce9bf2d337d8bbe5fabeed7331ea774faf1e4e337c2cc2ee0dab6de261ee1f1245cea21afd15eb7298a1298613e70