Analysis
-
max time kernel
71s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
23-05-2022 11:35
General
-
Target
update.zip
-
Size
1.5MB
-
MD5
66cf4ebdceedecd9214caab7ca87908d
-
SHA1
8b0b4d9ad3afbabddcc3d7011398ee003ebe9b20
-
SHA256
1a3fdfcb35b5811ea082bd308b0b1bf6dfdabbf527772ba1c6e69a7390e0b674
-
SHA512
7a84c33b3ac1946dce357d7d6a9529b634a1b5ed04e8198c2c7837b24d84f927175d888d227be6f8ec42bbd81896d2721899d52e05b62f809adf93870cc21761
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\update.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\update\" -spe -an -ai#7zMap4122:92:7zEvent195981⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow