Analysis
- max time kernel: 1563s
- max time network: 1564s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 22-04-2024 18:38
Behavioral task: behavioral1
- Sample: i.rar
- Resource: win7-20240221-en (windows7-x64)
- 5 signatures
- 1800 seconds

Behavioral task: behavioral2
- Sample: i.rar
- Resource: win10v2004-20240412-en (windows10-2004-x64)
- 4 signatures
- 1800 seconds
General
- Target: i.rar
- Size: 9.7MB
- MD5: d3bf76387d5d6a29ad4cc00e207e9440
- SHA1: 332fea0983c0a0d3f07c715aaccf9e6a1ec2eff5
- SHA256: e8f6ba80489fd7528fc76a9120d3752fffd4d4d46526f1d096183a0e612c3898
- SHA512: b14e6cce7779550f3d9007d9577f9cd0009979628824198e51c77c8756a2082f9406faef963b5a4cb38ff97df18149ef49df254564dcdaa0d8397d7e3a69d499
- SSDEEP: 196608:fe396cMyeLS8wMFcRsWuDPnRlNyYjTqU+zz+WEBRDEtTiutQ0FLII:s96cMDLSjAUqTdjPqz/EBOtmP0tII

Score: 3/10
Malware Config
(none)

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
- pid 2308, process 7zFM.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
- description: Token: SeRestorePrivilege; pid 2308; process 7zFM.exe
- description: Token: 35; pid 2308; process 7zFM.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
- pid 2308, process 7zFM.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
- description: PID 2152 wrote to memory of 2308; pid 2152; process cmd.exe; target process 7zFM.exe
- description: PID 2152 wrote to memory of 2308; pid 2152; process cmd.exe; target process 7zFM.exe
- description: PID 2152 wrote to memory of 2308; pid 2152; process cmd.exe; target process 7zFM.exe
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\i.rar
   - Suspicious use of WriteProcessMemory

2. C:\Program Files\7-Zip\7zFM.exe (child of 1)
   Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\i.rar"
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow