Analysis

max time kernel: 134s
max time network: 110s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2024 01:21

Static task: static1

Behavioral task: behavioral1
Sample: 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Resource: win10v2004-20240508-en

General

Target: 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Size: 1.1MB
MD5: 965ae505bc88454f38a673208a263948
SHA1: 955f7eb9c71adde22337aa6222e2b2271de345f8
SHA256: 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321
SHA512: 40a78ed10fa243eec8063eea13f91233027896a8995502625b30f32967f6a78e813ac72002de951dd475cc5c6ca280927825739df8f6f574844852d709036570
SSDEEP: 24576:sd41wIxFYo+XywXUsVbxXYuouO2FKnMMMMMMOhs:vLSiwXUsLDokWMMMMMMH
Malware Config

Signatures

Modifies system executable filetype association (2 TTPs, 4 IoCs)

description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | 8ef42803f1335e9aca458546037e2cffea216ee5b89cc8940e331632ce0db321.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (64 IoCs)