Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 01-02-2024 10:56
Static task: static1

Behavioral task: behavioral1
  Sample: 86b7b7ba056bd0cbbbca84e0dd4e7dd5.rar
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 86b7b7ba056bd0cbbbca84e0dd4e7dd5.rar
  Resource: win10v2004-20231215-en

Behavioral task: behavioral3
  Sample: Avira_AntiVir_Premium_En_Activation Key-2012/Avira_AntiVir_Premium_En_Activation Key-2012.exe
  Resource: win7-20231215-en

Behavioral task: behavioral4
  Sample: Avira_AntiVir_Premium_En_Activation Key-2012/Avira_AntiVir_Premium_En_Activation Key-2012.exe
  Resource: win10v2004-20231215-en
General
Target: 86b7b7ba056bd0cbbbca84e0dd4e7dd5.rar
Size: 67KB
MD5: 86b7b7ba056bd0cbbbca84e0dd4e7dd5
SHA1: 92323da9042e6770ee73d50fac896b9412483629
SHA256: de215fbe071105e63bad7cf6cb488ca8fa3ac6402c3e679b6f24bbf228fad218
SHA512: 745959c485d33787c76f1377927d895a2e8971cf7f16686e1ad6f1f6e38b896e4442502c76c00fd505e66b70dabce1894732916c9ac019ad971bbe6b6356f36b
SSDEEP: 1536:T/aqvRvzMqDqfA6HvG5SvjbDu8iHYWN8RyBVn7hOlwJSx1M:TiqvJzefA6Hv5bf884BVn7IWgM
Malware Config

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes:
    PID 2716  7zFM.exe

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
    Token: SeRestorePrivilege  PID 2716  7zFM.exe
    Token: 35                  PID 2716  7zFM.exe

- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
    PID 2716  7zFM.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 2180 (cmd.exe) wrote to memory of PID 2716  target procid 29
    PID 2180 (cmd.exe) wrote to memory of PID 2716  target procid 29
    PID 2180 (cmd.exe) wrote to memory of PID 2716  target procid 29
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\86b7b7ba056bd0cbbbca84e0dd4e7dd5.rar
   PID: 2180
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files\7-Zip\7zFM.exe
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\86b7b7ba056bd0cbbbca84e0dd4e7dd5.rar"
      PID: 2716
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow