Overview

overview

7

Static

static

3

1a953973ae...18.exe

windows7-x64

7

1a953973ae...18.exe

windows10-2004-x64

7

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Coral.dll

windows7-x64

3

Coral.dll

windows10-2004-x64

3

Coral.exe

windows7-x64

6

Coral.exe

windows10-2004-x64

6

CoralApp.dll

windows7-x64

1

CoralApp.dll

windows10-2004-x64

3

CoralDb.dll

windows7-x64

3

CoralDb.dll

windows10-2004-x64

3

CoralDownload.dll

windows7-x64

3

CoralDownload.dll

windows10-2004-x64

3

CoralRender.dll

windows7-x64

1

CoralRender.dll

windows10-2004-x64

3

CoralTrident.dll

windows7-x64

3

CoralTrident.dll

windows10-2004-x64

3

CoralUI.dll

windows7-x64

1

CoralUI.dll

windows10-2004-x64

3

CoralUI2.dll

windows7-x64

3

CoralUI2.dll

windows10-2004-x64

3

CoralUpdate.dll

windows7-x64

3

CoralUpdate.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01-07-2024 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Coral.exe

  • Size

    391KB

  • MD5

    f22c19dda6a7b1ee28a17c96da81708a

  • SHA1

    2e562cd48ac73b66fdfe66389c57b05abc205be2

  • SHA256

    2f54d182dc21951bf4bc083bc479bf5afa7fc3ce2bc0d4153fc122824d94ea43

  • SHA512

    9c370d716f88db992e424f6899a50962eea9f19478022263c95cdc06d15d5663e8a25c2dede8b6728407e75b8c201fa162b91e5b747188f77e37b83c1c37234b

  • SSDEEP

    6144:H0bHfnkqOFQl7ZpbJelj7vC18dViTXCix327:UTfOG7ZpbJ0LXibC97

Score
6/10
bootkitevasionpersistencetrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Coral.exe
    "C:\Users\Admin\AppData\Local\Temp\Coral.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Temp\Coral.exe
      --type=render --channel=Coral.Pipe.Event.Write.{AF88F2A0-7BF8-4CCD-B0EC-BEF4D14A3063}?Coral.Pipe.Event.Read.{47083433-A8FD-469B-A3E7-4636C75EFF30}?Coral.Pipe.Write.D.{6CCDC321-97CE-426A-B2E0-250AB87D8C1B}?Coral.Pipe.Read.D.{5B46AC2B-956C-484D-B8F2-BD7941885553} --parent_channel=1028
      2⤵
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg
    Filesize

    29B

    MD5

    99fb8e84b8aa92889349054a60e1f359

    SHA1

    1b3dd1afb4fe4533ca16db4dd3e7845c13b0e1c5

    SHA256

    5313e624a817ebcb34675027d12b87465de4fc4fdddfdd74d244490c4911b8e4

    SHA512

    2a99095109445c3ca1b9fad5c87fdfed331641401ca8d19d3ab4d109e18b9dc5feb739485f14f390bd3bcfa3a4325e3b1278fe1bb8690dd8df16edb9af52faac

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg
    Filesize

    1KB

    MD5

    4b2e341e43a0a0ba467ba4d5e63b8c15

    SHA1

    2d6893b7e58e0cd04886f1f249a8b6ecee3f14ad

    SHA256

    146532e4a21d9040b224ddbdc48ed947b8b7f4a010cf84909ba1747bf31a1c8b

    SHA512

    0c84dcb9a980d82255b1d7e73002630b0f5ecb229a939123da877cd463a2ec08b8906d8fb880b6bff51ce98408e226e12c5bd6b7b9e71e8b1064a0d274f075b5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Favorites.data
    Filesize

    12KB

    MD5

    6b38a49a7e5fceec0e92b1023df2de05

    SHA1

    201ceaf94f38731e46749c12fd04edfa08ac3e55

    SHA256

    f2334a1bbc21def43967807d1618a4a96e9bb3d0f436d2af69b801db8f8c57d1

    SHA512

    74e1966625fd867122e55b3a75a14cd37fb9a318f0ff1f6a0d21e704a6eb08d00e289995f77c6c5dcfd26aff4d503798426af3a0c5736d69b8cf373057da9141

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SmartUrl.data
    Filesize

    13KB

    MD5

    3ae66c004be7509939b5dcb8bbe8988f

    SHA1

    0737768985874cb0e3187c91aca886fac056e1ad

    SHA256

    c79a6aaaa5a0e83a5ba8fcf1caf2a534b02051c304ea98b89752631391a78023

    SHA512

    841b9edbc45f421b1050f4b682d3f96c4083713bb4cfe3ac360f31f6be007fea7bdd7e2cac3ba050e5323be27130cd0c1b316069d383b0e472e089b0ff437d41

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\StartPageConfig.data
    Filesize

    2KB

    MD5

    819d5531372718e04f3591482dcb5181

    SHA1

    9bb415c3661a35e7912fdb4b12ad750c128bf857

    SHA256

    7caeb6c92434911ee27789f1a113c4fd3f1d4ec78003dec2c8e394f398af9c9d

    SHA512

    7a1ceb41364f2087401cc577f5d5ee202bad5523d7875aaf0c4cd2ca6326efda38b7e07dba72879767414f1d4aa2c8ac6900f5a09601f3dba8e21b30ba7ba4bb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SystemUrl.data
    Filesize

    885KB

    MD5

    69ba8f1ae84519627dc59b8ff35e1d71

    SHA1

    613057da9f0629654044e09957014d141b18db51

    SHA256

    eb2c3dfde241191030c486817b58404d0f68fc14fa4be83b51eef48a4d97ba78

    SHA512

    1e420eba50516f69445d596d303bb68963474f032f7610a95b337b354e46ebe7b50380cd25675f6d54bfbbdb99e006be7a03c4d00b2f6fc465769d53d4b9d755

    Download Submit

  • memory/1028-115-0x0000000003D80000-0x0000000003DDB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1028-136-0x0000000003E30000-0x0000000003F5F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1028-172-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-25-0x0000000003050000-0x0000000003154000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1028-138-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-0-0x00000000022D0000-0x0000000002363000-memory.dmp

    Filesize

    588KB

    Download

  • memory/1028-111-0x0000000003520000-0x000000000367C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1028-108-0x0000000003360000-0x0000000003431000-memory.dmp

    Filesize

    836KB

    Download

  • memory/1028-109-0x0000000003440000-0x000000000348B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3044-117-0x0000000000240000-0x0000000000264000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3044-134-0x0000000002ED0000-0x0000000002F50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3044-124-0x0000000000320000-0x000000000036B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3044-131-0x0000000002AF0000-0x0000000002BC1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3044-146-0x0000000003750000-0x0000000003751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-120-0x0000000001EE0000-0x0000000001FE4000-memory.dmp

    Filesize

    1.0MB

    Download