23a7ef5004d703996e92446cc5b4730059488a55d549c33703f279623bacd477 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

WinRAR.exe

windows10-2004-x64

Sharing

General

Target

WinRAR.exe
Size

1.3MB
Sample

240420-vt2tvsdh7t
MD5

167b0c13576ce31c32d1c53f1190dbb2
SHA1

9079697215a193868b9c9acf301f35a8351229f7
SHA256

23a7ef5004d703996e92446cc5b4730059488a55d549c33703f279623bacd477
SHA512

de5dd8da9508dbc8bf2382af69d8ea130194497bfb3c09ac90fe50ef256a36067f5b2cb24700db0099ecee9688e01fa958005d360ef006e26fd46447ffda11d3
SSDEEP

24576:md5HO7BsPDEV93rmcrM0R3CI5UfaKC9J1upHEnMK7MMMMMMGM:wQt8DEV93ScpSI8C9JE8MMMMMMD

Score

8^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

WinRAR.exe

Resource

win10v2004-20240412-en

discovery evasion exploit persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  WinRAR.exe
- Size
  
  1.3MB
- MD5
  
  167b0c13576ce31c32d1c53f1190dbb2
- SHA1
  
  9079697215a193868b9c9acf301f35a8351229f7
- SHA256
  
  23a7ef5004d703996e92446cc5b4730059488a55d549c33703f279623bacd477
- SHA512
  
  de5dd8da9508dbc8bf2382af69d8ea130194497bfb3c09ac90fe50ef256a36067f5b2cb24700db0099ecee9688e01fa958005d360ef006e26fd46447ffda11d3
- SSDEEP
  
  24576:md5HO7BsPDEV93rmcrM0R3CI5UfaKC9J1upHEnMK7MMMMMMGM:wQt8DEV93ScpSI8C9JE8MMMMMMD
Score

8^/10

discovery evasion exploit persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy