Overview

overview

7

Static

static

3

Trial.rar

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-06-2024 21:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trial.rar

  • Size

    1.6MB

  • MD5

    549b2c45e765ea8436bba2b01f9bd72e

  • SHA1

    656ddffd4b13ffa8ed247432e05e0831434f531b

  • SHA256

    52ffb84b69061310e020a2e51e76948bee9696ae949dd384beb977917340384d

  • SHA512

    9f275e328241fba5a71cfc88b4f263227881d02e5f0d9e0565466f9fcf98ae74aa821646e5296be7f9174e76e207129493d64c48c9411db79da94c622592b610

  • SSDEEP

    49152:hBuNpWbgbg5CcTNw94GQkk/dN2y7DqiW++aGR:h+pWbgbgtGCXJGEtW++aGR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Trial.rar
    1⤵
    • Modifies registry class
    PID:1456
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1640
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4536
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Trial\" -spe -an -ai#7zMap27940:90:7zEvent14672
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1596
    • C:\Users\Admin\AppData\Local\Temp\Trial\space.exe
      "C:\Users\Admin\AppData\Local\Temp\Trial\space.exe"
      1⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1636
    • C:\Windows\system32\werfault.exe
      werfault.exe /h /shared Global\5f667fe88da84a6896b2e720342e04df /t 4872 /p 1636
      1⤵
        PID:2780
      • C:\Users\Admin\AppData\Local\Temp\Trial\space.exe
        "C:\Users\Admin\AppData\Local\Temp\Trial\space.exe"
        1⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2284
      • C:\Windows\system32\werfault.exe
        werfault.exe /h /shared Global\666ad5651a8044fc84fdcfbae62b970d /t 3836 /p 2284
        1⤵
          PID:3236

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Trial\Anonyme.deps.json
          Filesize

          2KB

          MD5

          e54c2747b42b2630aff7bfa1721b4cd4

          SHA1

          2fa891538a85bd0266a55c84c7b8283e0dd2802d

          SHA256

          54841ca1b259684cc962073a4be7f8dad786d33d94715a439f42c45674931609

          SHA512

          a29c71b6dac68162d3ba497db2f7c2869e2eae7d31ee8a1fe73aad136323382526176950db5ca90da4cfb9021bab213f9f4810243b53b11e0f281f168ab6b23c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\Anonyme.dll
          Filesize

          15KB

          MD5

          ca8cf40bb99275306d2f9d89b0f675ee

          SHA1

          5f682da0e3798f589f6ffe0d2b66720f4826c8b6

          SHA256

          1c1455e2768a8a440481043fc64fbe1e6117cb39b646ce06d8a120c753eb6124

          SHA512

          b7c1b694be2d9746432369f4b3515d681aa64d285f59ea47cd0044f3087ef26fe2bd31332c6f9a8bc8af662337d4d0b2551e0c03711c48307c58bc5ea0543376

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\Anonyme.runtimeconfig.json
          Filesize

          386B

          MD5

          186a65581e2f29258f54d396660409fa

          SHA1

          6f998d3be2e85cb5419205f867135874f27c0a3a

          SHA256

          e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844

          SHA512

          7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\Monaco\index.html
          Filesize

          1KB

          MD5

          d1247757774200a3605149c9cc56f582

          SHA1

          9a5ab4c5e56de362eda0a3b764fc47e5c32248e3

          SHA256

          3edfc2c8120d191feebaae0a493cc7fa6ab95d03f8a716fcb7b332cd2b03d446

          SHA512

          b719c71ec99583421bd4d6a3791f609c844056b734fd22924ccf9ef0ccc4f20801e1e33b4a302c18f1081e90da737539ceb42af73c1b6e24632d204efb196d31

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\Monaco\vs\loader.js
          Filesize

          27KB

          MD5

          8a3086f6c6298f986bda09080dd003b1

          SHA1

          8c7d41c586bfa015fb5cc50a2fdc547711b57c3c

          SHA256

          0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9

          SHA512

          9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\Solara\workspace\.tests\isfile.txt
          Filesize

          7B

          MD5

          260ca9dd8a4577fc00b7bd5810298076

          SHA1

          53a5687cb26dc41f2ab4033e97e13adefd3740d6

          SHA256

          aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

          SHA512

          51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Trial\space.exe
          Filesize

          139KB

          MD5

          691a71bc11dda217a63e66c5ae34ff1e

          SHA1

          6b52745d1c7adc436b77fe387c19bc685ab4c5b1

          SHA256

          745c2a5599add0d27cfa4c2401c6a0ab7a7c9450b78d7766e1204dc65347d9e6

          SHA512

          f37100ae770077b854e6d53c596aff56e006ed68869dd12dcf206942d44c3b511767418e2a29a0f887d1bdd5776fd5e6114cdaaf6a00d224a17c7c892ce465af

          Download Submit