14f41e52e85831bb42d9122b038fe76e86bc084e10636d086a4bd9f7f26abc97 | Triage

Analysis

max time kernel
103s
max time network
34s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 06:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

nje91q.zip
Size

632KB
MD5

f85c33dc9b710080b0691cb9170a0924
SHA1

a5ffe397ce816453a59992da2d545aefb53cdd23
SHA256

14f41e52e85831bb42d9122b038fe76e86bc084e10636d086a4bd9f7f26abc97
SHA512

ed126ca04306853ba28e298fe890829932406cc376c2460e5def5695b59bf79b9981222333d8a168af4c753603f6813a7533776324aa33f402369fc9ae928a76
SSDEEP

12288:rUwiC/+f9QM+Uug1e+12zqguO2zhnp7clY/3lqH98PM:4wv8QM+Uug132zRuO20lA4d8PM

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2896	7zG.exe
Token: 35	2896	7zG.exe
Token: SeSecurityPrivilege	2896	7zG.exe
Token: SeSecurityPrivilege	2896	7zG.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	7zG.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nje91q.zip
1⤵
PID:2872

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1920

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:2728

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\nje91q\" -ad -an -ai#7zMap3962:74:7zEvent11249
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads