c76d2a8c1c8865b1aa6512e13b77cbc7446022b7be3378f7233c5ca4a5e58116

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 09:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/wrar51b2.exe
Size

1.7MB
MD5

484a7971860abf0191cdfe6ad2d2800f
SHA1

ff3bdff6da09e62efe823185038dd9c123bae1ee
SHA256

4ef40ac52b17915654d763e5e46443445a50522a6c930b417015509f1c0a8212
SHA512

6657849a57a31baa0b845a0172edf20d88f2d4b77dd639563d412650cf297e0e98e39806271d63691b4a6388e81bb7b1432a645fec6904729289c1d2fc8ab01a
SSDEEP

24576:yUnR8+5jA9ksfLcDYoXcOTrFHx49N/ueJAwSm55Tzu+1+z/Gj5KoLWm9PRZwnULg:/S+G9kUwoOTZxCTPxcoL9EMLS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	wrar51b2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2176	wrar51b2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2176	wrar51b2.exe
2176	wrar51b2.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\wrar51b2.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\wrar51b2.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads