Analysis
-
max time kernel
1169s -
max time network
1172s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
14/02/2024, 12:46
General
-
Target
hackingtools.rar
-
Size
45KB
-
MD5
3e226765d3e5a8b0c500c86092335e63
-
SHA1
52f4a1af88dd4dca42d3cd6a6dcb122390de7416
-
SHA256
570a0f0b034f80fe2dfd56de1f087ea47f6cb863b9c5f61adbaed96933af717e
-
SHA512
72b83512d850159ac0ae31a904ae02f13dbe19b0af3f2d53b78097d707ba6e5e1ea7208f0ee28fb0e0bec33b41e8017ba70b1ed59237cb9453e2c8cd0f650cf8
-
SSDEEP
768:bHJEBadrPIaEEIjJN0nej9G7+945KgBUtjXk8au3lND5lZ9cZ5j+gSXSR9SBTa+Y:7JE2PNnej9G7S+oXqu3lNx9cZ5DSXS/9
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\hackingtools.rar1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\hackingtools.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-