Overview
overview
7Static
static
3My Program/Afdbr.ico
windows10-2004-x64
3My Program/Afdbr.ico
windows11-21h2-x64
3My Program...cy.exe
windows10-2004-x64
1My Program...cy.exe
windows11-21h2-x64
1My Program...AR.exe
windows10-2004-x64
5My Program...AR.exe
windows11-21h2-x64
6My Program...00.exe
windows10-2004-x64
7My Program...00.exe
windows11-21h2-x64
7Analysis
-
max time kernel
93s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
02-12-2024 18:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
My Program/Afdbr.ico
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
120 seconds
Behavioral task
behavioral2
Sample
My Program/Afdbr.ico
Resource
win11-20241007-en
windows11-21h2-x64
1 signatures
120 seconds
Behavioral task
behavioral3
Sample
My Program/RockerLegacy.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
1 signatures
120 seconds
Behavioral task
behavioral4
Sample
My Program/RockerLegacy.exe
Resource
win11-20241007-en
windows11-21h2-x64
1 signatures
120 seconds
Behavioral task
behavioral5
Sample
My Program/RockerLegacy/WinRAR.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
5 signatures
120 seconds
Behavioral task
behavioral6
Sample
My Program/RockerLegacy/WinRAR.exe
Resource
win11-20241007-en
windows11-21h2-x64
9 signatures
120 seconds
Behavioral task
behavioral7
Sample
My Program/unins000.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
6 signatures
120 seconds
Behavioral task
behavioral8
Sample
My Program/unins000.exe
Resource
win11-20241007-en
windows11-21h2-x64
6 signatures
120 seconds
General
-
Target
My Program/RockerLegacy/WinRAR.exe
-
Size
3.1MB
-
MD5
53cf9bacc49c034e9e947d75ffab9224
-
SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f
-
SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3
-
SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda
-
SSDEEP
49152:olh7WxDi+U/pcCz7PZTZlzdOZlUkJLF1Uac+3+fESa6HYlGBzNwui0hBdH3XK:oMgZeD+hBBquTBpnK
Score
5/10
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies system executable filetype association 2 TTPs 8 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\WinRAR.exe,1" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32 WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rev WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\WinRAR.exe,0" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32 WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32 WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\rarext32.dll" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\WinRAR.exe\" \"%1\"" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\WinRAR.exe,0" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\My Program\\RockerLegacy\\WinRAR.exe\" \"%1\"" WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open WinRAR.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" WinRAR.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ WinRAR.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4124 WinRAR.exe 4124 WinRAR.exe