Malware Analysis Report

2025-08-11 01:05

Sample ID 240302-tzbdesfc77
Target winrar-x64-700.exe
SHA256 ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24
Tags: discovery persistence
Score: 4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 4/10

SHA256

ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

Threat Level: Likely benign

The file winrar-x64-700.exe was found to be: Likely benign.

Malicious Activity Summary

discovery persistence

Checks installed software on the system

Modifies system executable filetype association

Registers COM server for autorun

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-02 16:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-02 16:29

Reported

2024-03-02 16:30

Platform

win7-20240221-en

Max time kernel

44s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe"

Signatures

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259403064 C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\zipnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File opened for modification C:\Program Files\WinRAR\License.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Order.htm C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Order.htm C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Default32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\License.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\WinCon32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\rarnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File opened for modification C:\Program Files\WinRAR C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Zip32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File opened for modification C:\Program Files\WinRAR\Default32.SFX C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
File created C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 C:\Program Files\WinRAR\uninstall.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.arj C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rev C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bz C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tzst C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\"" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uue C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.z C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.uu\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2 C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lha\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lha C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,1" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe

"C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe"

C:\Program Files\WinRAR\uninstall.exe

"C:\Program Files\WinRAR\uninstall.exe" /setup

Network

N/A

Files

\Program Files\WinRAR\Uninstall.exe


C:\Program Files\WinRAR\WinRAR.exe


C:\Program Files\WinRAR\WhatsNew.txt


C:\Program Files\WinRAR\Rar.txt


C:\Program Files\WinRAR\WinRAR.chm


\Program Files\WinRAR\RarExt.dll


Analysis: behavioral2

Detonation Overview

Submitted

2024-03-02 16:29

Reported

2024-03-02 16:30

Platform

win10v2004-20240226-en

Max time kernel

43s

Max time network

40s

Command Line

"C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe

"C:\Users\Admin\AppData\Local\Temp\winrar-x64-700.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 61.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp

Files

N/A