Resubmissions
  19-02-2024 19:16  240219-xzannsbc6y  10
  19-02-2024 19:12  240219-xwla1abb8z  10
  06-02-2024 16:53  240206-veee1sbeb4  10

Analysis
  max time kernel:  100s
  max time network: 114s
  platform:         windows10-2004_x64
  resource:         win10v2004-20231215-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        19-02-2024 19:12
Static task
  static1

Behavioral task
  behavioral1
  Sample:   quisisana-ag.zip
  Resource: win10v2004-20231215-en
  2 signatures, 300 seconds
General
  Target: quisisana-ag.zip
  Size:   252KB
  MD5:    0832e426e9d11f407af8dbd3b386051f
  SHA1:   52fc963d3e76adcd71017066ef0d911ed6ae545b
  SHA256: 8ca6dc7fcf25e0e7d4a521d35ec27d08fd5b2832f06f2aa32b52b36b69f47c8c
  SHA512: 5bcd76d20f5109a4ae4a12b6188eefead31660f92b05374dd25166199a83941dc073d4aded152f8df624cb924d0fc99ff867285427a897803cf7a759326abe8d
  SSDEEP: 6144:QQC0luYPDDz1Tv5DvKh9ar7wbeNW79ujJuXFJ4:hPNdvKMwbeo7OJcW
  Score:  1/10
Malware Config
  (none)

Signatures
  Suspicious use of AdjustPrivilegeToken (4 IoCs)
    description                 pid   Process
    Token: SeRestorePrivilege   2936  7zG.exe
    Token: 35                   2936  7zG.exe
    Token: SeSecurityPrivilege  2936  7zG.exe
    Token: SeSecurityPrivilege  2936  7zG.exe

  Suspicious use of FindShellTrayWindow (1 IoCs)
    pid   Process
    2936  7zG.exe
Processes
  C:\Windows\Explorer.exe
    Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\quisisana-ag.zip
    PID: 1692

  C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID: 1384

  C:\Program Files\7-Zip\7zG.exe
    Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap3592:104:7zEvent14474
    Signatures:
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
    PID: 2936