47c93f0a295867a3140de9e1fd3bfeccdd02fb3bbc82b93ee7e3f8a759f585ab

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-02-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Application65c9095380496.rar
Size

7.9MB
MD5

1eef11e912ec086f8c9ce16257eb8bcc
SHA1

c2f48718abcfc2d7dc9cf64e669a8a86238d3e67
SHA256

47c93f0a295867a3140de9e1fd3bfeccdd02fb3bbc82b93ee7e3f8a759f585ab
SHA512

11bd1ed1f397448902bc5a58b70cb3beb0b57d5ef6a95f33b5d63e02bd610c8602a34cb7b8104e842c56748817d31f91e838155765b5596e3f94e04f4d827062
SSDEEP

196608:r3VQq12Ro+k2LcM6L7f9+mzWKhKSw901hyNcEIi+je0ydUp7/:rDoy+k2Jcf9+NqHyNcEIi+CSp7/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2752 7zFM.exe
Token: 35 2752 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2752 7zFM.exe

description	pid	process
Token: SeRestorePrivilege	2752	7zFM.exe
Token: 35	2752	7zFM.exe

pid	process
2752	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2976 wrote to memory of 2752	2976	cmd.exe	7zFM.exe
PID 2976 wrote to memory of 2752	2976	cmd.exe	7zFM.exe
PID 2976 wrote to memory of 2752	2976	cmd.exe	7zFM.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Application65c9095380496.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Application65c9095380496.rar"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2752

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads