Overview

overview

7

Static

static

1

MEMZ-Destructive.7z

windows7-x64

3

MEMZ-Destructive.7z

windows10-2004-x64

7

Resubmissions

19-02-2024 20:00

240219-yrcnqscf93 7

19-02-2024 19:56

240219-yn1ldscf47 7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19-02-2024 20:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEMZ-Destructive.7z

  • Size

    17KB

  • MD5

    d91a65636b8d4b7437983e064e2580fa

  • SHA1

    2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3

  • SHA256

    c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c

  • SHA512

    0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f

  • SSDEEP

    384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads