Overview

overview

4

Static

static

1

winrar-x64-701ru.exe

windows7-x64

4

winrar-x64-701ru.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winrar-x64-701ru.exe

  • Size

    4.0MB

  • MD5

    b53fd2f7cd34ae24dd15b23d2eab08bd

  • SHA1

    994ff51c42d8ed9e8a98b66a7adc172c2fa75c95

  • SHA256

    2177fcc6c2105a01472358ad32a5ce467b4943d69f891cb30bbc82ec42003c60

  • SHA512

    763b2f03a8264bab2f64b99b573d1224537bfb345dfd88da48699f7f42d55dd74ac34272e64f49c20c4534b908f1a1d6e6e9674464bc2e0f33f0ac2f56919d60

  • SSDEEP

    98304:BN8BOBfKHXSBSQdkd0cr/ylwD+/lZUdmkUH0Tn8VIRgQjxL1uxJ:f8/3SSQdkCtwq/lSJU+0Iz6J

Score
4/10
discoverypersistence

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Modifies system executable filetype association 2 TTPs 8 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\winrar-x64-701ru.exe
    "C:\Users\Admin\AppData\Local\Temp\winrar-x64-701ru.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Registers COM server for autorun
      • Modifies registry class
      PID:2752

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Rar.txt
    Filesize

    244KB

    MD5

    0823398724a7a703aa8d9e085df2fd9f

    SHA1

    0eccf43913b2e9bae77d76e89a25f0109ea1d39c

    SHA256

    407adf18b49d6e9b77b20ebe90fae9b48f3f9289ab16f69003b2d5fb9b1a98d7

    SHA512

    fd02c6ff6c05f9fe1ad23c0a8662d40bf76106a6689cbbd487df3bf7b613b90d6c37d98e70c90382bada2ee1f07727ab2af81cd83cb6d6d1e56e3b94211fa7a8

    Download Submit
  • C:\Program Files\WinRAR\WhatsNew.txt
    Filesize

    390KB

    MD5

    cc8971e2bd40a635866ce28135903692

    SHA1

    d8878a027b9d48fd26354db7dd8512498b2bb8d8

    SHA256

    03a8d3c2905ee687fa08eb735b17c160c0fd37eec5eb7d107638cb24c8622a41

    SHA512

    b707f8d0ba01e5c228659cb7b8d25729c500895cf96c552fba826271c6c52b4c57c57ca832d0b247c9becb5997e309e46e7e34a09ce6d8e007960d7567acf2f9

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.chm
    Filesize

    391KB

    MD5

    750305d8b1e97d19e9e26b25b3fb684a

    SHA1

    55c13b9ba27845fa8abe4170787df6bb7dbd4e41

    SHA256

    4c1c47d5b1874c2ba6453a69811359b3744b78010001a0dc0caeb790dfc5dea1

    SHA512

    b28dde1b4a82b5831186586f5a12abd2790448a4515620730a6732445123b004b565edde584b04e41cfbde1044931d41d8b149e889b2c58017e01816b96f32c2

    Download Submit
  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    3.1MB

    MD5

    0d76233931dfa993fd9b546bd5229976

    SHA1

    ce8de59e2277e9003f3a9c96260ce099ca7cda6c

    SHA256

    648a5d7064cdf2a86f465ea6b318d0b1ceac905f77c438dac2778a001b50647c

    SHA512

    dd7b6bd5545c60e9ce21fbde35f20d8807bdaf9e4408321f7f709c9324c719f1a9f68648260cfeb7e5f94f4eabc631dd95e348e55d93b32ea12e899d030b91ee

    Download Submit
  • C:\Program Files\WinRAR\rarlng.dll
    Filesize

    966KB

    MD5

    6aa46eba5ccaf1ff9a4104b798a4180e

    SHA1

    52e1a9595d408e04e17a5f0909a63e8f7561ddc4

    SHA256

    7846ac61585b91c1da4b8d18679b34d2bd46985a656766c901371026d057b8f1

    SHA512

    adddc7b48e2394391d71bf887cf7c54424fa19e5576996378d50c5533568f8f80fb1867e124c3fc58268029941e4e4559aafdc812997620e314472929062e6fa

    Download Submit
  • \Program Files\WinRAR\RarExt.dll
    Filesize

    636KB

    MD5

    1e86c3bfcc0688bdbe629ed007b184b0

    SHA1

    793fada637d0d462e3511af3ffaec26c33248fac

    SHA256

    7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef

    SHA512

    4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

    Download Submit
  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    477KB

    MD5

    d36be447f422abc82276af9cb2f2741b

    SHA1

    f3ba2f58a88086f1b420a7520a5439a9eb851b79

    SHA256

    82a495858708b726f26cb86e2fbab8df86b9008a671be4c1f6c4f24ed3013735

    SHA512

    b9f5ffe578185b2f112d0bba21fdd6677d64986445ff971e9f6e8aa87a4684c0722b97a473150aff2742929fcaa79f6e336bd05d462bbdce149d634eb2f2d3d0

    Download Submit