Analysis
max time kernel: 1860s
max time network: 1161s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 04-12-2024 10:54
Static task: static1

Behavioral task: behavioral1
  Sample: winrar-x64-701.exe
  Resource: win11-20241007-en
  3 signatures, 1800 seconds

Behavioral task: behavioral2
  Sample: winrar-x64-701.exe
  Resource: win11-20241007-en
  2 signatures, 1800 seconds
General
Target: winrar-x64-701.exe
Size: 3.8MB
MD5: 46c17c999744470b689331f41eab7df1
SHA1: b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256: c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512: 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP: 98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB
Score: 1/10
Malware Config
Signatures

Modifies data under HKEY_USERS (15 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | LogonUI.exe

Suspicious behavior: LoadsDriver (64 IoCs)

Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
2604 | winrar-x64-701.exe
2604 | winrar-x64-701.exe
4312 | LogonUI.exe
Processes

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe"
  - Suspicious use of SetWindowsHookEx
  PID: 2604

C:\Windows\system32\werfault.exe
  Command line: werfault.exe /h /shared Global\ad21e4a909874f408f84ded20a68da1a /t 3096 /p 2604
  PID: 5104

C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa3a7d855 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
  PID: 4312