Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 11-02-2024 18:01
Static task
- static1

Behavioral task
- behavioral1
  Sample: Application65c9095380496.rar
  Resource: win7-20231215-en (windows7-x64)
  4 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: Application65c9095380496.rar
  Resource: win10v2004-20231215-en (windows10-2004-x64)
  21 signatures, 150 seconds
General
- Target: Application65c9095380496.rar
- Size: 7.9MB
- MD5: 1eef11e912ec086f8c9ce16257eb8bcc
- SHA1: c2f48718abcfc2d7dc9cf64e669a8a86238d3e67
- SHA256: 47c93f0a295867a3140de9e1fd3bfeccdd02fb3bbc82b93ee7e3f8a759f585ab
- SHA512: 11bd1ed1f397448902bc5a58b70cb3beb0b57d5ef6a95f33b5d63e02bd610c8602a34cb7b8104e842c56748817d31f91e838155765b5596e3f94e04f4d827062
- SSDEEP: 196608:r3VQq12Ro+k2LcM6L7f9+mzWKhKSw901hyNcEIi+je0ydUp7/:rDoy+k2Jcf9+NqHyNcEIi+CSp7/

Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: 7zFM.exe
  description              | pid  | process
  Token: SeRestorePrivilege | 2752 | 7zFM.exe
  Token: 35                 | 2752 | 7zFM.exe

- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes: 7zFM.exe
  pid  | process
  2752 | 7zFM.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description                        | pid  | process | target process
  PID 2976 wrote to memory of 2752   | 2976 | cmd.exe | 7zFM.exe
  PID 2976 wrote to memory of 2752   | 2976 | cmd.exe | 7zFM.exe
  PID 2976 wrote to memory of 2752   | 2976 | cmd.exe | 7zFM.exe
Processes
1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Application65c9095380496.rar
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\7-Zip\7zFM.exe
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Application65c9095380496.rar"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow