c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Analysis

max time kernel
121s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/12/2024, 20:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701.exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2728	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	winrar-x64-701.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2684	SystemPropertiesRemote.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
236	winrar-x64-701.exe
236	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2728	2812	cmd.exe	33
PID 2812 wrote to memory of 2728	2812	cmd.exe	33
PID 2812 wrote to memory of 2728	2812	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:236

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:2728

C:\Windows\system32\SystemPropertiesRemote.exe
"C:\Windows\system32\SystemPropertiesRemote.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads