Analysis
-
max time kernel
53s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12-03-2024 17:01
General
-
Target
Telegram Desktop.rar
-
Size
802.5MB
-
MD5
c27b7a4ff8387a553aa8ece1233f6f70
-
SHA1
436290ab35fd3e4de206d9a260c249f4ee14b4cc
-
SHA256
29d1b3fbd0c2615f298de1abbbb110757c4ed6a04b4e3957212e0d8796c37b44
-
SHA512
4793d7a3c3ed65cab477c75406dd56d416baa952f25b2812b673922bffc8ac76ae4844de21946ac7e281230c4e42ae8f8ab2f37e374de2e0ab5e5309642ff99d
-
SSDEEP
12582912:fpcYZCKX/IwdHf9eeXZRvu2zVVx3LziQSLoULgG8LfQa6FWQwUyu0VJARhNzVTI:Rc4X/h/1Jdu2zjxLzicU0GoILJnaJks
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Telegram Desktop.rar"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Telegram Desktop.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-