Overview

Tasks (score follows the platform):
- Overview, overview: 10
- Static, static: 1
- 0000004025...57.eml, windows7-x64: 5
- 0000004025...57.eml, windows10-2004-x64: 3
- PEDIDO 4500998957.eml, windows7-x64: 5
- PEDIDO 4500998957.eml, windows10-2004-x64: 3
- PM910255_P..._1.rar, windows7-x64: 3
- PM910255_P..._1.rar, windows10-2004-x64: 3
- PM910255_P..._1.exe, windows7-x64: 10
- PM910255_P..._1.exe, windows10-2004-x64: 10
- email-html-1.html, windows7-x64: 1
- email-html-1.html, windows10-2004-x64: 1
- email-plain-1.txt, windows7-x64: 1
- email-plain-1.txt, windows10-2004-x64: 1

Analysis
This page is the report for task behavioral5 (PM910255_PRD0000416382_1.rar on resource win7-20240220-en).
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 22-05-2024 15:26
Static task
- static1

Behavioral tasks
- behavioral1: 0000004025-Fwd_ PEDIDO 4500998957.eml on win7-20240508-en
- behavioral2: 0000004025-Fwd_ PEDIDO 4500998957.eml on win10v2004-20240508-en
- behavioral3: PEDIDO 4500998957.eml on win7-20240221-en
- behavioral4: PEDIDO 4500998957.eml on win10v2004-20240508-en
- behavioral5: PM910255_PRD0000416382_1.rar on win7-20240220-en
- behavioral6: PM910255_PRD0000416382_1.rar on win10v2004-20240426-en
- behavioral7: PM910255_PRD0000416382_1.exe on win7-20231129-en
- behavioral8: PM910255_PRD0000416382_1.exe on win10v2004-20240508-en
- behavioral9: email-html-1.html on win7-20240419-en
- behavioral10: email-html-1.html on win10v2004-20240508-en
- behavioral11: email-plain-1.txt on win7-20240221-en
- behavioral12: email-plain-1.txt on win10v2004-20240508-en
General
- Target: PM910255_PRD0000416382_1.rar
- Size: 654KB
- MD5: 4341cd61188b355f1094c974c0797453
- SHA1: 813d1ebc8e4911a53277a8f33f9384e95b572d7e
- SHA256: 70618f81836249b022347e4421f300095e818bbd2cc038fa492b31ed2b625879
- SHA512: 10481bf16f778592f0adae495cd5d7633d51c6750256ec959255db3cfe89165f5dfc38dcfea95123741dc75d34263bd907bbfbce6abcee77834b8f122de01754
- SSDEEP: 12288:b/Z4CvrqK7ZfLXOhk39SMhwAuKRryTSNGbPIYhGldnth7LsQK:bRRrqKFLXxgMhwI4TWGfGlx/K
Malware Config
None extracted for this task.

Signatures
- Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoC). Process: 7zFM.exe (PID 2540).
- Suspicious use of AdjustPrivilegeToken (2 IoCs). Process: 7zFM.exe (PID 2540) enabled SeRestorePrivilege and privilege LUID 35, which is SeCreateSymbolicLinkPrivilege (the report shows the unresolved number). Both are requested by the 7-Zip file manager itself when it prepares to extract; the token adjustment is made by the viewer, not by anything inside the archive.
- Suspicious use of FindShellTrayWindow (1 IoC). Process: 7zFM.exe (PID 2540).
- Suspicious use of WriteProcessMemory (3 IoCs). Process: cmd.exe (PID 2764) wrote to the memory of 7zFM.exe (PID 2540) three times. 7zFM.exe is the child cmd.exe launched (see Processes), and a parent writing into a child it has just created is part of ordinary process creation on Windows (the process parameters and environment are written into the new process), so this is the expected creation artifact rather than injection.

Every signature in this task is raised by cmd.exe or 7zFM.exe, that is, by the launcher and the archive viewer the sandbox used to open the RAR. Nothing extracted from the archive ran in this task; the same-named executable PM910255_PRD0000416382_1.exe has its own tasks (behavioral7 and behavioral8), which is where the score-10 behaviour in the overview comes from.
Processes
1. C:\Windows\system32\cmd.exe (PID 2764)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\PM910255_PRD0000416382_1.rar
   Signatures: Suspicious use of WriteProcessMemory
   Running a document path with cmd /c hands it to the registered file-type handler, which on this image is 7-Zip; that is why the archive viewer appears as the child.
   2. C:\Program Files\7-Zip\7zFM.exe (PID 2540), child of PID 2764
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\PM910255_PRD0000416382_1.rar"
      Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
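The WriteProcessMemory signature above is the kind of sandbox noise a triager has to separate from real cross-process writes. The following is an added example, not code from the sandbox or from 7-Zip: it parses the report's "PID ... wrote to memory of ..." lines, joins them against the process tree from the Processes section, and labels each write as parent-to-child (the creation artifact) or cross-process. The three event lines and the two report PIDs are copied from this page; the fourth line and PID 4444 "evil.exe" are constructed to show what a write with no parent/child relationship looks like.

```python
"""Classify sandbox WriteProcessMemory events by process lineage.

Added example for this report; not part of the sandbox or of 7-Zip.
The first three event lines are the report's verbatim; the fourth line
and PID 4444 'evil.exe' are constructed counter-examples.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Process tree as the report's Processes section gives it: pid -> (parent pid, image).
# PID 4444 is constructed for the counter-example and is not in the report.
PROCESSES = {
    2764: (None, "cmd.exe"),
    2540: (2764, "7zFM.exe"),
    4444: (None, "evil.exe"),
}

# Triage renders each event as:
#   "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_LINES = """\
PID 2764 wrote to memory of 2540 2764 cmd.exe 7zFM.exe
PID 2764 wrote to memory of 2540 2764 cmd.exe 7zFM.exe
PID 2764 wrote to memory of 2540 2764 cmd.exe 7zFM.exe
PID 4444 wrote to memory of 2540 4444 evil.exe 7zFM.exe
"""

# The source PID is repeated in the line; the back-reference enforces that.
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


@dataclass(frozen=True)
class MemoryWrite:
    src: int
    dst: int
    src_img: str
    dst_img: str
    verdict: str


def classify_write(src: int, dst: int, tree: dict) -> str:
    """A parent writing into a child it created is how CreateProcess fills in
    the new process (process parameters, environment). Any other pairing is a
    genuine cross-process write that deserves a closer look."""
    parent = tree.get(dst, (None, None))[0]
    return "parent-to-child" if parent == src else "cross-process"


def classify_writes(text: str, tree: dict) -> list[MemoryWrite]:
    """Parse every event line in `text` and attach a lineage verdict."""
    events = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue  # headings, blank lines, anything that is not an event
        src, dst = int(m["src"]), int(m["dst"])
        events.append(MemoryWrite(src, dst, m["src_img"], m["dst_img"],
                                  classify_write(src, dst, tree)))
    return events


def summarize(events: list[MemoryWrite]) -> dict:
    """Count events per verdict, e.g. {'parent-to-child': 3, 'cross-process': 1}."""
    return dict(Counter(e.verdict for e in events))


if __name__ == "__main__":
    evs = classify_writes(WPM_LINES, PROCESSES)
    for e in evs:
        print(f"{e.src_img}({e.src}) -> {e.dst_img}({e.dst}): {e.verdict}")
    print(summarize(evs))
```

Run against the report's own lines this leaves zero cross-process writes, which is the point: the signature here describes cmd.exe creating 7zFM.exe. The filter only strips creation noise, though. Process hollowing is also a parent writing into its own freshly created child, so when the verdict is parent-to-child the number of writes, whether they continue after the child has started, and what gets written still have to be checked before the event is dismissed.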