Overview

overview

7

Static

static

3

1a953973ae...18.exe

windows7-x64

7

1a953973ae...18.exe

windows10-2004-x64

7

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Coral.dll

windows7-x64

3

Coral.dll

windows10-2004-x64

3

Coral.exe

windows7-x64

6

Coral.exe

windows10-2004-x64

6

CoralApp.dll

windows7-x64

1

CoralApp.dll

windows10-2004-x64

3

CoralDb.dll

windows7-x64

3

CoralDb.dll

windows10-2004-x64

3

CoralDownload.dll

windows7-x64

3

CoralDownload.dll

windows10-2004-x64

3

CoralRender.dll

windows7-x64

1

CoralRender.dll

windows10-2004-x64

3

CoralTrident.dll

windows7-x64

3

CoralTrident.dll

windows10-2004-x64

3

CoralUI.dll

windows7-x64

1

CoralUI.dll

windows10-2004-x64

3

CoralUI2.dll

windows7-x64

3

CoralUI2.dll

windows10-2004-x64

3

CoralUpdate.dll

windows7-x64

3

CoralUpdate.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Coral.exe

  • Size

    391KB

  • MD5

    f22c19dda6a7b1ee28a17c96da81708a

  • SHA1

    2e562cd48ac73b66fdfe66389c57b05abc205be2

  • SHA256

    2f54d182dc21951bf4bc083bc479bf5afa7fc3ce2bc0d4153fc122824d94ea43

  • SHA512

    9c370d716f88db992e424f6899a50962eea9f19478022263c95cdc06d15d5663e8a25c2dede8b6728407e75b8c201fa162b91e5b747188f77e37b83c1c37234b

  • SSDEEP

    6144:H0bHfnkqOFQl7ZpbJelj7vC18dViTXCix327:UTfOG7ZpbJ0LXibC97

Score
6/10
bootkitevasionpersistencetrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Coral.exe
    "C:\Users\Admin\AppData\Local\Temp\Coral.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4940
    • C:\Users\Admin\AppData\Local\Temp\Coral.exe
      --type=render --channel=Coral.Pipe.Event.Write.{67E3CF0B-09F2-4687-B742-989927048ADF}?Coral.Pipe.Event.Read.{1624731F-A4E3-4AF9-AB9D-7853248AB902}?Coral.Pipe.Write.D.{016ED085-66CF-4062-9628-6895EE8E4EAB}?Coral.Pipe.Read.D.{E96A384A-11C6-4E9F-B740-5D64FC4DCD52} --parent_channel=4940
      2⤵
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg
    Filesize

    29B

    MD5

    99fb8e84b8aa92889349054a60e1f359

    SHA1

    1b3dd1afb4fe4533ca16db4dd3e7845c13b0e1c5

    SHA256

    5313e624a817ebcb34675027d12b87465de4fc4fdddfdd74d244490c4911b8e4

    SHA512

    2a99095109445c3ca1b9fad5c87fdfed331641401ca8d19d3ab4d109e18b9dc5feb739485f14f390bd3bcfa3a4325e3b1278fe1bb8690dd8df16edb9af52faac

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Default.cfg
    Filesize

    1KB

    MD5

    4b2e341e43a0a0ba467ba4d5e63b8c15

    SHA1

    2d6893b7e58e0cd04886f1f249a8b6ecee3f14ad

    SHA256

    146532e4a21d9040b224ddbdc48ed947b8b7f4a010cf84909ba1747bf31a1c8b

    SHA512

    0c84dcb9a980d82255b1d7e73002630b0f5ecb229a939123da877cd463a2ec08b8906d8fb880b6bff51ce98408e226e12c5bd6b7b9e71e8b1064a0d274f075b5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\Favorites.data
    Filesize

    12KB

    MD5

    5db82a5792cf5f9d090a6e6524e3ba39

    SHA1

    6b9e6901dcf49156c4b16ae18920cd49d8ca460e

    SHA256

    1950e76406ab2835d102effb40e68594299db58266d9fe2d8cea64dbf306d6d5

    SHA512

    68940754c9ed78ccb0dbe761768abe9329511713d9b8c6650a65c95ad6b51d5cb4e5a2a1cb2d209969bb1a609e382b16e4e34985428dd6c4507892aa28711b7e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SmartUrl.data
    Filesize

    13KB

    MD5

    3ae66c004be7509939b5dcb8bbe8988f

    SHA1

    0737768985874cb0e3187c91aca886fac056e1ad

    SHA256

    c79a6aaaa5a0e83a5ba8fcf1caf2a534b02051c304ea98b89752631391a78023

    SHA512

    841b9edbc45f421b1050f4b682d3f96c4083713bb4cfe3ac360f31f6be007fea7bdd7e2cac3ba050e5323be27130cd0c1b316069d383b0e472e089b0ff437d41

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\StartPageConfig.data
    Filesize

    2KB

    MD5

    819d5531372718e04f3591482dcb5181

    SHA1

    9bb415c3661a35e7912fdb4b12ad750c128bf857

    SHA256

    7caeb6c92434911ee27789f1a113c4fd3f1d4ec78003dec2c8e394f398af9c9d

    SHA512

    7a1ceb41364f2087401cc577f5d5ee202bad5523d7875aaf0c4cd2ca6326efda38b7e07dba72879767414f1d4aa2c8ac6900f5a09601f3dba8e21b30ba7ba4bb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\CoralExplorer\Users\Default\SystemUrl.data
    Filesize

    885KB

    MD5

    69ba8f1ae84519627dc59b8ff35e1d71

    SHA1

    613057da9f0629654044e09957014d141b18db51

    SHA256

    eb2c3dfde241191030c486817b58404d0f68fc14fa4be83b51eef48a4d97ba78

    SHA512

    1e420eba50516f69445d596d303bb68963474f032f7610a95b337b354e46ebe7b50380cd25675f6d54bfbbdb99e006be7a03c4d00b2f6fc465769d53d4b9d755

    Download Submit

  • memory/4476-124-0x0000000002250000-0x0000000002354000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4476-126-0x0000000002020000-0x000000000206B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4476-120-0x00000000005E0000-0x0000000000604000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4476-153-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4476-133-0x0000000002B30000-0x0000000002C01000-memory.dmp

    Filesize

    836KB

    Download

  • memory/4476-134-0x0000000002E00000-0x0000000002E80000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4476-146-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4940-109-0x0000000003640000-0x000000000368B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4940-108-0x0000000003550000-0x0000000003621000-memory.dmp

    Filesize

    836KB

    Download

  • memory/4940-0-0x00000000024F0000-0x0000000002583000-memory.dmp

    Filesize

    588KB

    Download

  • memory/4940-136-0x0000000003D60000-0x0000000003E8F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4940-138-0x0000000004530000-0x0000000004531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4940-24-0x0000000003340000-0x0000000003444000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4940-111-0x0000000003830000-0x000000000398C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4940-152-0x0000000004530000-0x0000000004531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4940-115-0x0000000004110000-0x000000000416B000-memory.dmp

    Filesize

    364KB

    Download