9ff7d5dcacc3d3b623836810fbb64bc738758a53b87b752e80b37be17bcd47df

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flarial.Minimal.exe
Size

108KB
MD5

de3c444d2ad0732b8ca69e642e0cb2cc
SHA1

adff35bbaa0e9e7debb54660f2d49443d4e4f782
SHA256

8369ed0d7b39c6ef6cf953658ba82b3df1997ded31ae57548173dc4c4ebe8a26
SHA512

cac304c03e9304d11871fd2c3ab163ea1b1fe086437652bc87e7f40f687f21fb5210814f1d6486352cadd22f6b7b12eb121210cb72673e40f715ee3e78eba6bb
SSDEEP

1536:qPTLuWwfmBXPPjffxBp0HdpDFnz0STlmylkRM6ngypZ6AWO:q3uiVjhBp09pD9Jl/lkHZpZ6A

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	raw.githubusercontent.com
12	raw.githubusercontent.com

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Flarial.Minimal.exe"	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\shell\open\command	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\ = "URL:Run game 1067854754518151168 protocol"	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\URL Protocol	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\DefaultIcon	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\shell	Flarial.Minimal.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\shell\open	Flarial.Minimal.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\discord-1067854754518151168\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Flarial.Minimal.exe"	Flarial.Minimal.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1352	Flarial.Minimal.exe

C:\Users\Admin\AppData\Local\Temp\Flarial.Minimal.exe
"C:\Users\Admin\AppData\Local\Temp\Flarial.Minimal.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Resources\logo.png

Filesize
4KB

MD5
40facc27a2eb58421e953328c145d122

SHA1
ba5b72e445a3c283207e523e809a244b1527fe81

SHA256
33bd60ef2663833fcb2d8506c8cddd65d781ac5b429090ccd973f2f7ef351564

SHA512
6b9399b746997339de080cd096951edb7ba85915e4f9897a9b95399708af1e206021fb5d99e9f7687bfac74a0591d477392136988b5c9207d657f8660ee0a05b

Download Submit