a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Size

1.0MB
MD5

26cc5ccd93e2158b89400d91eecce70c
SHA1

2cc38eab42c254eb2442b8501ca3b38768f9af8b
SHA256

a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786
SHA512

3a4fd780c4b6c96627266e437471bb5c11f997fcbb126ce51640969e4075305a089cd61959b2b305a0022c8e56680af2a68b3382c57bd3a200e543efe931f6cb
SSDEEP

24576:/dsuNOCN8loXWfgLYeuQaTjCjsyYPDsseHtHwKF3nMMMMMMal:2uY28SUgLYOsTqMMMMMM

Score

7^/10

persistence

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 4 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR 恢复卷"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe,0"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR 压缩文件"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WinRAR.exe\" \"%1\""	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR32	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP 压缩文件"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2904	a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe

C:\Users\Admin\AppData\Local\Temp\a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe
"C:\Users\Admin\AppData\Local\Temp\a75f008135d4f8fcaa87c35fcb848650e91f53e7377a52cef71d01d623e5a786.exe"
1⤵
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2904-0-0x0000000000F30000-0x0000000001090000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads