6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef

Analysis

max time kernel
145s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Size

894KB
MD5

80b18e40138954cb010014292f18ae71
SHA1

78b237beb91c93852519048b5f61146c3b24841b
SHA256

6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef
SHA512

8613c4ab84dc4d95dc77a9ca6d543a6d225a04507144a40c4d6c4356602da107a6133ee31756f5a2217cbd64f24a1fe613552f052ad17970b3c7e81ddfe6e695
SSDEEP

24576:FyWp8MwCN9Dxj3r7IIoeX6XPSuuOsDMMMMMM:FyWxwChYAhMMMMMM

Score

7^/10

persistence

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 4 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe,1"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe,0"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe,0"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3000	6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe

C:\Users\Admin\AppData\Local\Temp\6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe
"C:\Users\Admin\AppData\Local\Temp\6deaff0b5a921f89ab45c7b5b08712d887aa2578fe77b2f2f50bfe4882d54eef.exe"
1⤵
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3000-6-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-7-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-8-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-10-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-11-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-13-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-14-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-15-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-16-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-17-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-18-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-19-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-20-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/3000-21-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads