Analysis

  • max time kernel
    133s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-08-2024 12:55

General

  • Target

    env/Scripts/dist/WinRAR/WinRAR.exe

  • Size

    2.4MB

  • MD5

    a40c46ea3459f9ac799e87b1945710f1

  • SHA1

    3128a1535e4c7dfc15581bb171e84c8bcdf29635

  • SHA256

    a7814203d7a5124fda5c48e02c2856694d584f458f00bb695d63b61d9c3f9005

  • SHA512

    50be2d8da71d88082cf0162f459b65b5e4e9b422ebad72d1b7005f5a0c9d69678b0054708244561a26abc9b1afcb40cc73a197809540148e71886900a10e5317

  • SSDEEP

    49152:flLEkH4q8hy1JWFeIrk/agsMod2ZPybt+9ZjeHzNQeyUHBdH3iQ:b4q8hyyCX6HKe9BpyQ

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Drops file in Windows directory 1 IoCs
  • Modifies system executable filetype association 2 TTPs 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\WinRAR\WinRAR.exe
    "C:\Users\Admin\AppData\Local\Temp\env\Scripts\dist\WinRAR\WinRAR.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Modifies system executable filetype association
    • Modifies registry class
    PID:3516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads