Analysis
max time kernel: 123s
max time network: 89s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 19-12-2022 21:32
Static task: static1
Behavioral task: behavioral1
  Sample: 65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
  Resource: win10v2004-20221111-en
General
Target: 65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
Size: 2.7MB
MD5: 2a52de53972a801102ebf18f68a152f5
SHA1: 335d037805e52deb3b604cb0838c4f8bf6f67fec
SHA256: 65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
SHA512: 862e4d9eb09c59bd661dee3fe6914b1e7b88c1a99f353da6c3de310a9d1abf2c09d71ef12f375ce7e3a155909454d1d7ae7afedb1318746e443b188e71c67c8d
SSDEEP: 24576:+wkH3QY3UZp/g+/GomPS0AuYOW+EzI7L/Cge89x0Jh23NFEi:+5AMUHsJAuYOWnzGi89mJh2dFEi
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (12 IoCs)
Processes (description / pid / process):
  Token: SeRestorePrivilege           1876  7zG.exe
  Token: 35                           1876  7zG.exe
  Token: SeSecurityPrivilege          1876  7zG.exe
  Token: SeSecurityPrivilege          1876  7zG.exe
  Token: 33                           1400  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1400  AUDIODG.EXE
  Token: 33                           1400  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1400  AUDIODG.EXE
  Token: SeRestorePrivilege           988   7zG.exe
  Token: 35                           988   7zG.exe
  Token: SeSecurityPrivilege          988   7zG.exe
  Token: SeSecurityPrivilege          988   7zG.exe
Suspicious use of FindShellTrayWindow (2 IoCs)
Processes (pid / process):
  1876  7zG.exe
  988   7zG.exe
Processes
Process: C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf
Process: C:\Windows\system32\verclsid.exe
  Command line: "C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
Process: C:\Program Files\7-Zip\7zG.exe
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf\" -spe -an -ai#7zMap11079:208:7zEvent18263
  Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
Process: C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x580
  Signatures: Suspicious use of AdjustPrivilegeToken
Process: C:\Program Files\7-Zip\7zG.exe
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap8915:208:7zEvent749
  Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Downloads
memory/1348-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp (Filesize: 8KB)