Overview

overview

1

Static

static

1

quisisana-ag.zip

windows10-2004-x64

1

Resubmissions

19-02-2024 19:16

240219-xzannsbc6y 10

19-02-2024 19:12

240219-xwla1abb8z 1

06-02-2024 16:53

240206-veee1sbeb4 10

Analysis

  • max time kernel
    100s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-02-2024 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    quisisana-ag.zip

  • Size

    252KB

  • MD5

    0832e426e9d11f407af8dbd3b386051f

  • SHA1

    52fc963d3e76adcd71017066ef0d911ed6ae545b

  • SHA256

    8ca6dc7fcf25e0e7d4a521d35ec27d08fd5b2832f06f2aa32b52b36b69f47c8c

  • SHA512

    5bcd76d20f5109a4ae4a12b6188eefead31660f92b05374dd25166199a83941dc073d4aded152f8df624cb924d0fc99ff867285427a897803cf7a759326abe8d

  • SSDEEP

    6144:QQC0luYPDDz1Tv5DvKh9ar7wbeNW79ujJuXFJ4:hPNdvKMwbeo7OJcW

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\quisisana-ag.zip
    1⤵
      PID:1692
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1384
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap3592:104:7zEvent14474
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2936

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads