Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 13-03-2024 17:04
Static task: static1
Behavioral task: behavioral1
- Sample: 3C1DC5055FF46C2196F26BA9F91B065DB78061487DDCFEE35A8E8C1B74E845CA.tar.rar
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 3C1DC5055FF46C2196F26BA9F91B065DB78061487DDCFEE35A8E8C1B74E845CA.tar.rar
- Resource: win10v2004-20240226-en
General
- Target: 3C1DC5055FF46C2196F26BA9F91B065DB78061487DDCFEE35A8E8C1B74E845CA.tar.rar
- Size: 1.5MB
- MD5: 4e79798637a56d4293baba2f4109e7d3
- SHA1: 3b22d302e3ad7ad7a9e471c5c4914bf93b17163f
- SHA256: a2ad286e5c6c15d25b32826a784fd900fa80cda34021a9d4a70b8cbd8b47201d
- SHA512: 9b26d2ae8e6c9c12b56f93715dcbb6f4bf61de67b777f3a30b6a376c8271d9897662da09c4a203be0a123a9e34c3c663325b7411510096f545e574f4d673b03b
- SSDEEP: 24576:KwHZK6bBsgK3ANuTqgM0cGUfRVeGJRC1v4uWaTi0ipmBBKKzWAxqPB2Tggv2:bsgKwHgM0c3JVdJegSi0i4B1be2Tpu
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 2560, process 7zFM.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeRestorePrivilege, pid 2560, process 7zFM.exe
  Token: 35, pid 2560, process 7zFM.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid 2560, process 7zFM.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2416 (cmd.exe) wrote to memory of 2560, procid_target 29
  PID 2416 (cmd.exe) wrote to memory of 2560, procid_target 29
  PID 2416 (cmd.exe) wrote to memory of 2560, procid_target 29
Processes
1. C:\Windows\system32\cmd.exe (PID: 2416)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\3C1DC5055FF46C2196F26BA9F91B065DB78061487DDCFEE35A8E8C1B74E845CA.tar.rar
   - Suspicious use of WriteProcessMemory
2. C:\Program Files\7-Zip\7zFM.exe (PID: 2560, child of PID 2416)
   Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\3C1DC5055FF46C2196F26BA9F91B065DB78061487DDCFEE35A8E8C1B74E845CA.tar.rar"
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow