9ff7d5dcacc3d3b623836810fbb64bc738758a53b87b752e80b37be17bcd47df

Analysis

max time kernel
147s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flarial.Minimal.exe
Size

108KB
MD5

de3c444d2ad0732b8ca69e642e0cb2cc
SHA1

adff35bbaa0e9e7debb54660f2d49443d4e4f782
SHA256

8369ed0d7b39c6ef6cf953658ba82b3df1997ded31ae57548173dc4c4ebe8a26
SHA512

cac304c03e9304d11871fd2c3ab163ea1b1fe086437652bc87e7f40f687f21fb5210814f1d6486352cadd22f6b7b12eb121210cb72673e40f715ee3e78eba6bb
SSDEEP

1536:qPTLuWwfmBXPPjffxBp0HdpDFnz0STlmylkRM6ngypZ6AWO:q3uiVjhBp09pD9Jl/lkHZpZ6A

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
8	raw.githubusercontent.com
9	raw.githubusercontent.com
10	raw.githubusercontent.com
11	raw.githubusercontent.com
13	raw.githubusercontent.com
14	raw.githubusercontent.com
4	raw.githubusercontent.com

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\shell	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Flarial.Minimal.exe"	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\ = "URL:Run game 1067854754518151168 protocol"	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\shell\open\command	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\shell\open	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\URL Protocol	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\DefaultIcon	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\discord-1067854754518151168\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Flarial.Minimal.exe"	Flarial.Minimal.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	Flarial.Minimal.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3000	Flarial.Minimal.exe

C:\Users\Admin\AppData\Local\Temp\Flarial.Minimal.exe
"C:\Users\Admin\AppData\Local\Temp\Flarial.Minimal.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd5e6c72156935672be929b1fdd73a7d

SHA1
d8e76052783bf3c18a28927dadcb5382ea9c648d

SHA256
38e93d00837a0c7d58f7f0616a9ee767cdbad6978cc500aa4fc8621ee3bbc826

SHA512
f7d7e3cd0c598f6b2d0a7ca954e6697945def5758bf6df46f1bced60759836dd769c20102f5e8dc13360095f9d3b0b367c1e32ae5a7ee5895a9d2071be635072

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba70ff71a02eed8ab66b7ec7feed28f8

SHA1
3abe59210838b13e214e5f741065f8287b42a587

SHA256
7909f71dc0e9094b1c54843d96585668593d0b89f83f2efcec5ec2336278c824

SHA512
8ee032d3bcc8a40c98bd32e088de5ddc98b472a56c864f530bc288fdbf2d44b81d8dd70f6b6849e820e6cf8b816046b5304641ae59545975b0c8c96f1177fe5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c72a9860b3671d1e90b68c616c376035

SHA1
f516a89e683b6ba46a712cd41d7a73cbcd8f2172

SHA256
cb6d1fe5ca48c5ee0244311b1a2f88948bc9852376bf702450ce754197ae8696

SHA512
8d32448fc2a41c0e10cb8788472f3807dcfcc5f7af6822c04a268e43c5cf1218f9f5d27294148164573ac8ec5ac4779979e5a173cd49566196238ff711737ab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40835f03b7cf3665a3a56a0a9897dae8

SHA1
bcede5905ae58e5024c9fd9ad45ecdddcc259cd4

SHA256
db68e9d74023aec5e68376ae5d1e5338b7ca244f73f082489adc719b02067cf9

SHA512
924274bbc159a6bda8b323d404c06a20ae33c2862f7f07861b39aaad734bc3400f730717945c2eb3c928414f71704648c1c5ca3a4952ef03128c9ee37085453f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b32df6592f8fbdc650097b5f47abe869

SHA1
65d22e9e611a63011aae0957403c0bdbef82be50

SHA256
9e851374791b936a9715ec500df44a8b4ec2d6f15d0810d834b0497f49f7f103

SHA512
0dc81bec1b6bd6e914fe1b344cc98a7b2ae3c5ec0ca1c0436f5ba4287fcedb26bd7bca764896ca7577886c0e5aa93bd60ca6d3cb15ed4b0e4d572ada9a77d011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7532e14c8ddf3e98b023480f37116e60

SHA1
88e5de9d4152ca677cadb7d0938fca214ea8f5f2

SHA256
70a8ad8438bc06a6b4f12e7ad08b0d097ee67a19c66c32b1801167c86306ae1e

SHA512
7d646581eded9bb68329a0b7a16189ff96f46444f39dac7bf85bd87f9f26121d0febd3961c4e905e0ca95e838a14ff2f79896f0ec7f31060d85f242b18013bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
018e3ef0adc74c952b82547cd8194a57

SHA1
8d1387af62b0cd558dc4ebd994c3ce46864966ad

SHA256
0e2eb53af0294828a028e79f2462f0857c95075d42cc4afeafa5bc7bb2a74d15

SHA512
c6008e493d02a8193b6e64b3ac315a5fccd2b8ff9770997c654f2141459640f2487c57f01f451f2a81dab4ed815c0f5bec1cddde6360415a55be1993c84d88e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85fa87bf92f29950c82372e5e4b331bb

SHA1
fe3a679db59e3555a4ff44fc0524b07031816866

SHA256
623e985f64861bd3ba1c3e5f109bc1dbd74e2705dc1903b35938f14f190378c5

SHA512
a986f42c87c6a47122b4e91676940eb0d4e5c46b77e1961a6238e81e4ff69ff7c85ff31a72ca0bd891f20a9be01fb228def4e9a3099ef0b014e82dfa43a77239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b583cbe0f88cf429a406c7662b889a2

SHA1
954d9ea64bd3074482d896952c075cb4b8e209c9

SHA256
0914ea60e8c8df14791d4611ce7648b78feb5af3b1684bdeca02b0b55b50df07

SHA512
36170f23818ce873a2a5ccbb4b8c9dee5ddb75323ab434518167b609b1942f906bd74a2316f0e0a7e69bb183c2e73ada3af901b0fe49f6e4a70195ffcc939716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61efd2acc8ceda6696d80f6b47d1fa71

SHA1
6a907e3de77118c56e0a366a5c493bae6d04d4b5

SHA256
221b867b3c12c7db53913ad8869244d649091577680c8f8b5ffe1d748e7869df

SHA512
ea0fde799fe3434af8b1f6d5ab037bb9c44a25f497b1e942833414c6eeb64088418a100532f2411451d60cba135535abdc4bfb23320c284a9e2643f596c6c6a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b0d161593c0c3004c654ed2331a6570

SHA1
136d26aa6aa6a32d105f3bda9274e2564c3dfb88

SHA256
327506e04dc8709ff8c96dbdf6095cd1eecf04d075f57ce7a48ebdd10ac45139

SHA512
6357368aca1faa90a9af64b0d2a70d325c31249c8054493e18a8c9b9fc1b08db20ac9b9077cc50508e1092cbe855308b2964e31af5285ddf10fb7edcfd9f099e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC45A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC47C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit