Overview

Overall score: 10

Tasks (score / sample / platform):

  1    02_xyc6huq...u3.rar    windows7-x64
  3    02_xyc6huq...u3.rar    windows10-1703-x64
  3    02_xyc6huq...u3.rar    windows10-2004-x64
  3    02_xyc6huq...u3.rar    windows11-21h2-x64
  3    URGENTE_NO...ON.cmd    windows7-x64
  10   URGENTE_NO...ON.cmd    windows10-1703-x64
  10   URGENTE_NO...ON.cmd    windows10-2004-x64
  10   URGENTE_NO...ON.cmd    windows11-21h2-x64
Analysis (score: 10)

  max time kernel    118s
  max time network   120s
  platform           windows7_x64
  resource           win7-20240221-en
  resource tags      arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted          24-04-2024 12:52
Tasks (task / sample / resource):

  static1       Static task
  behavioral1   02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar   win7-20240221-en
  behavioral2   02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar   win10-20240404-en
  behavioral3   02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar   win10v2004-20240412-en
  behavioral4   02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar   win11-20240412-en
  behavioral5   URGENTE_NOTIFICATION.cmd                  win7-20240220-en
  behavioral6   URGENTE_NOTIFICATION.cmd                  win10-20240404-en
  behavioral7   URGENTE_NOTIFICATION.cmd                  win10v2004-20240226-en
  behavioral8   URGENTE_NOTIFICATION.cmd                  win11-20240412-en
General

  Target   02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar
  Size     4.3MB
  MD5      b7564a9b1aac20457e2d1a33a6b412bc
  SHA1     9f3059dd7f3c598194827b15b769bbf685ccaa07
  SHA256   ace733fd929688fb9cba1a8ecfb05db47c214694a9a993650bd022ab869a9c8a
  SHA512   4e97416424aa4508d2da7797259d3dc17d7442af41b52f571e92682d75b163aa30a5511631e89164bb705dae1f57e03710b0fe3a6bb17586b5b3ceaa7a033521
  SSDEEP   49152:TEi0F7JFavH5JDy0oqMaKcCln2UE+ESPTcexrEPdOgSlxHgamuc6slJ:x
Malware Config
Signatures

- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Process: 7zFM.exe (pid 2604)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Process: 7zFM.exe (pid 2604) adjusted Token: SeRestorePrivilege and Token: 35
- Suspicious use of FindShellTrayWindow (1 IoC)
  Process: 7zFM.exe (pid 2604)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Process: cmd.exe (pid 2940) wrote to memory of 7zFM.exe (pid 2604); the report lists this event three times with identical source, target and images.

Every signature that carries a process attribution points at 7zFM.exe (pid 2604), the 7-Zip File Manager the sandbox used to open the archive, or at the cmd.exe (pid 2940) that launched it; none is attributed to a process spawned from the archive's contents. The score of 10 on this report tracks the URGENTE_NOTIFICATION.cmd tasks on Windows 10 and 11 (behavioral6 to behavioral8), whose behaviour is not detailed in this section.
Processes

1. C:\Windows\system32\cmd.exe
   cmd /c C:\Users\Admin\AppData\Local\Temp\02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar"
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow

The tree is the sandbox's own launch: `cmd /c <archive>` resolves the .rar file association and opens the archive in 7-Zip File Manager, which is the process the three remaining signatures fire in.
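As an added example (not part of the Triage report and not 7-Zip's or Triage's code), the Python below parses the report's own WriteProcessMemory and AdjustPrivilegeToken lines together with the two command lines from the process tree, collapses the triplicated launch event into a single parent/child edge, and flags the delivery step the tree shows: cmd /c handing an archive that sits under AppData\Local\Temp to an archiver. The input records are copied from this page; the regexes, the archiver image list and the archive-extension list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed input: the WriteProcessMemory and AdjustPrivilegeToken lines
# copied from the report's Signatures section (the report lists the same
# WriteProcessMemory event three times).
SIGNATURE_LINES = [
    "PID 2940 wrote to memory of 2604 2940 cmd.exe 7zFM.exe",
    "PID 2940 wrote to memory of 2604 2940 cmd.exe 7zFM.exe",
    "PID 2940 wrote to memory of 2604 2940 cmd.exe 7zFM.exe",
    "Token: SeRestorePrivilege 2604 7zFM.exe",
    "Token: 35 2604 7zFM.exe",
]

# Constructed input: the command lines from the report's process tree, keyed
# by the PIDs the signature lines assign to cmd.exe and 7zFM.exe.
COMMAND_LINES = {
    2940: r"cmd /c C:\Users\Admin\AppData\Local\Temp\02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar",
    2604: r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\02_xyc6huqzuj0jtsmevswrmw8cd25yqku3.rar"',
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")
# Archive-like file under the user's Temp directory (extension list is an assumption).
TEMP_ARCHIVE_RE = re.compile(r'\\AppData\\Local\\Temp\\[^\s"]+\.(rar|zip|7z|iso|img)\b', re.IGNORECASE)
# Images that open archives from the shell (assumed list, lower-case).
ARCHIVER_IMAGES = {"7zfm.exe", "7zg.exe", "winrar.exe"}


def parse_wpm_edges(lines):
    """Distinct (src_pid, dst_pid, src_image, dst_image) edges from the
    WriteProcessMemory lines; duplicates collapse because the report counts
    every event as its own IoC."""
    edges = []
    for line in lines:
        m = WPM_RE.search(line)
        if m:
            edge = (int(m.group(1)), int(m.group(2)), m.group(3), m.group(4))
            if edge not in edges:
                edges.append(edge)
    return edges


def parse_token_privileges(lines):
    """Map pid -> set of privileges the report saw adjusted on its token."""
    privs = defaultdict(set)
    for line in lines:
        m = TOKEN_RE.search(line)
        if m:
            privs[int(m.group(2))].add(m.group(1))
    return dict(privs)


def build_parent_map(edges):
    """Treat the first process that wrote into a pid as its parent: on this
    sandbox a plain CreateProcess already shows up as parent->child writes."""
    parents = {}
    for src, dst, _src_img, _dst_img in edges:
        parents.setdefault(dst, src)
    return parents


def flag_temp_archive_handoff(edges, command_lines):
    """Flag cmd.exe /c handing an archive in the user's Temp directory to an
    archiver, the delivery step visible in the report's process tree."""
    findings = []
    for src, dst, src_img, dst_img in edges:
        if src_img.lower() != "cmd.exe" or dst_img.lower() not in ARCHIVER_IMAGES:
            continue
        cmdline = command_lines.get(src, "")
        m = TEMP_ARCHIVE_RE.search(cmdline)
        if m and " /c " in cmdline.lower():
            findings.append({
                "parent_pid": src,
                "child_pid": dst,
                "child": dst_img,
                "archive": m.group(0).rsplit("\\", 1)[-1],
            })
    return findings


def summarize(signature_lines, command_lines):
    """Bundle the parsed edges, parent map, privileges and findings."""
    edges = parse_wpm_edges(signature_lines)
    return {
        "distinct_launches": len(edges),
        "parents": build_parent_map(edges),
        "privileges": parse_token_privileges(signature_lines),
        "findings": flag_temp_archive_handoff(edges, command_lines),
    }


if __name__ == "__main__":
    for key, value in summarize(SIGNATURE_LINES, COMMAND_LINES).items():
        print(f"{key}: {value}")
```

Run against the page's records it reports one distinct launch (2940 -> 2604), two adjusted privileges on pid 2604, and one finding for the .rar under Temp; the same functions work on any Triage report whose signature lines follow this layout, and the duplicate-collapsing step is what keeps "3 IoCs" from being read as three separate injections.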