Overview

Report tabs (task, platform, score badge as shown in the tab bar):

Tab               Platform             Score
Overview          -                    10
Static            -                    10
update.zip        windows7_x64         1
update.zip        windows10-2004_x64   1
freebl3.dll       windows7_x64         1
freebl3.dll       windows10-2004_x64   1
mozglue.dll       windows7_x64         3
mozglue.dll       windows10-2004_x64   3
msvcp140.dll      windows7_x64         3
msvcp140.dll      windows10-2004_x64   (no badge shown)
nss3.dll          windows7_x64         1
nss3.dll          windows10-2004_x64   3
softokn3.dll      windows7_x64         3
softokn3.dll      windows10-2004_x64   3
sqlite3.dll       windows7_x64         3
sqlite3.dll       windows10-2004_x64   3
vcruntime140.dll  windows7_x64         3
vcruntime140.dll  windows10-2004_x64   3
Analysis

max time kernel:   71s
max time network:  124s
platform:          windows10-2004_x64
resource:          win10v2004-20220414-en
submitted:         23-05-2022 11:35
Tasks

Task          Type        Sample            Resource
static1       static      -                 -
behavioral1   behavioral  update.zip        win7-20220414-en
behavioral2   behavioral  update.zip        win10v2004-20220414-en
behavioral3   behavioral  freebl3.dll       win7-20220414-en
behavioral4   behavioral  freebl3.dll       win10v2004-20220414-en
behavioral5   behavioral  mozglue.dll       win7-20220414-en
behavioral6   behavioral  mozglue.dll       win10v2004-20220414-en
behavioral7   behavioral  msvcp140.dll      win7-20220414-en
behavioral8   behavioral  msvcp140.dll      win10v2004-20220414-en
behavioral9   behavioral  nss3.dll          win7-20220414-en
behavioral10  behavioral  nss3.dll          win10v2004-20220414-en
behavioral11  behavioral  softokn3.dll      win7-20220414-en
behavioral12  behavioral  softokn3.dll      win10v2004-20220414-en
behavioral13  behavioral  sqlite3.dll       win7-20220414-en
behavioral14  behavioral  sqlite3.dll       win10v2004-20220414-en
behavioral15  behavioral  vcruntime140.dll  win7-20220414-en
behavioral16  behavioral  vcruntime140.dll  win10v2004-20220414-en
General

Target:  update.zip
Size:    1.5MB
MD5:     66cf4ebdceedecd9214caab7ca87908d
SHA1:    8b0b4d9ad3afbabddcc3d7011398ee003ebe9b20
SHA256:  1a3fdfcb35b5811ea082bd308b0b1bf6dfdabbf527772ba1c6e69a7390e0b674
SHA512:  7a84c33b3ac1946dce357d7d6a9529b634a1b5ed04e8198c2c7837b24d84f927175d888d227be6f8ec42bbd81896d2721899d52e05b62f809adf93870cc21761
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
description                  pid  process
Token: SeRestorePrivilege    316  7zG.exe
Token: 35                    316  7zG.exe
Token: SeSecurityPrivilege   316  7zG.exe
Token: SeSecurityPrivilege   316  7zG.exe

The second row is reported by raw LUID rather than by name: LUID 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE (SeCreateSymbolicLinkPrivilege) in winnt.h. All four IoCs come from the same 7-Zip GUI process (pid 316) while it extracts the archive; an archiver enabling restore, security and symbolic-link privileges during extraction is consistent with 7-Zip's normal behaviour, so this signature on its own is weak evidence of anything malicious.

Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
pid  process
316  7zG.exe
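The AdjustPrivilegeToken signature above is exported as a single run-together row ("Token: <privilege> <pid> <process> ..."), with one privilege given only as the numeric LUID 35. The following is an added example, not code from the sandbox or from the report: it parses that row into structured IoCs, resolves numeric LUIDs to the SE_*_PRIVILEGE names from winnt.h, and splits the enabled privileges per process into the ones an analyst would escalate on (debug, TCB, driver load, backup/restore, impersonation, token creation) and the rest. The HIGH_IMPACT set is this example's own triage choice, not something the report defines; REPORT_ROW is the signature text copied from the report.

```python
"""Parse a flattened sandbox 'Suspicious use of AdjustPrivilegeToken' row into
structured IoCs and rank the enabled privileges.  Added example; the LUID table
is taken from the SE_*_PRIVILEGE constants in winnt.h."""

import re
from dataclasses import dataclass

# SE_*_PRIVILEGE values from winnt.h (LUID low part -> privilege name).
PRIVILEGE_LUIDS = {
    2: "SeCreateTokenPrivilege", 3: "SeAssignPrimaryTokenPrivilege",
    4: "SeLockMemoryPrivilege", 5: "SeIncreaseQuotaPrivilege",
    6: "SeMachineAccountPrivilege", 7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege", 9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege", 11: "SeSystemProfilePrivilege",
    12: "SeSystemtimePrivilege", 13: "SeProfileSingleProcessPrivilege",
    14: "SeIncreaseBasePriorityPrivilege", 15: "SeCreatePagefilePrivilege",
    16: "SeCreatePermanentPrivilege", 17: "SeBackupPrivilege",
    18: "SeRestorePrivilege", 19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege", 21: "SeAuditPrivilege",
    22: "SeSystemEnvironmentPrivilege", 23: "SeChangeNotifyPrivilege",
    24: "SeRemoteShutdownPrivilege", 25: "SeUndockPrivilege",
    26: "SeSyncAgentPrivilege", 27: "SeEnableDelegationPrivilege",
    28: "SeManageVolumePrivilege", 29: "SeImpersonatePrivilege",
    30: "SeCreateGlobalPrivilege", 31: "SeTrustedCredManAccessPrivilege",
    32: "SeRelabelPrivilege", 33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege", 35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

# Triage choice made for this example: privileges whose enabling deserves a
# closer look regardless of which process enables them.
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeCreateTokenPrivilege",
}


@dataclass(frozen=True)
class TokenIoc:
    privilege: str
    pid: int
    process: str


# One IoC is "Token: <name-or-LUID> <pid> <process image>".
ROW_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")


def parse_token_iocs(text):
    """Return the IoCs in order, with numeric LUIDs resolved to names."""
    iocs = []
    for priv, pid, proc in ROW_RE.findall(text):
        if priv.isdigit():
            # Unknown LUIDs are kept as "LUID:<n>" rather than dropped.
            priv = PRIVILEGE_LUIDS.get(int(priv), f"LUID:{priv}")
        iocs.append(TokenIoc(priv, int(pid), proc))
    return iocs


def summarize(iocs):
    """Group the distinct privileges per (pid, process) into high-impact and other."""
    by_proc = {}
    for ioc in iocs:
        by_proc.setdefault((ioc.pid, ioc.process), set()).add(ioc.privilege)
    return {
        key: {"high_impact": sorted(privs & HIGH_IMPACT),
              "other": sorted(privs - HIGH_IMPACT)}
        for key, privs in by_proc.items()
    }


# The signature row as it appears in the report above.
REPORT_ROW = ("Token: SeRestorePrivilege 316 7zG.exe Token: 35 316 7zG.exe "
              "Token: SeSecurityPrivilege 316 7zG.exe "
              "Token: SeSecurityPrivilege 316 7zG.exe")

if __name__ == "__main__":
    for (pid, proc), privs in summarize(parse_token_iocs(REPORT_ROW)).items():
        print(f"{proc} (pid {pid}): high-impact={privs['high_impact']} "
              f"other={privs['other']}")
```

On the report's row this yields one process, 7zG.exe (pid 316), with SeRestorePrivilege as the only high-impact privilege and SeCreateSymbolicLinkPrivilege plus SeSecurityPrivilege as the rest; the duplicate SeSecurityPrivilege IoC collapses because the summary keys on distinct privileges, while parse_token_iocs keeps all four rows so the IoC count still matches the report.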
Processes

C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\update.zip

C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\update\" -spe -an -ai#7zMap4122:92:7zEvent19598
    Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow