8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1

Resubmissions

23-05-2024 14:32

240523-rwr6naed5w 10

23-05-2024 14:31

240523-rvpzxaee27 10

23-05-2024 08:41

240523-klg5daba72 10

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ach_Payment_Advice01.gz
Size

612KB
MD5

adf375448796e4d3f80067a25fe89f46
SHA1

cfc575914ca0ebe94abf5d89722f6fbfaa9e1ee9
SHA256

c992f916c0381e40b3849ad77534f0bb944e4e42283793fd7ac06e245cd43cef
SHA512

e98fa14ef9a55f05bc8f48cab97397d732c12154b12caaef0d8fd0e39d8fff5b22f865eb9f9ade221ac64840011f2bbf2361042be9fbabe2c7f398dd976c3dc3
SSDEEP

12288:RJCt63Yngjh38jpvNO1ShvoOJ/gf5jb0qy3QQ5tcGgU0fOYeWiKp6cgxA:G63cihMpFutYjtPEU0m3KIcH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2576 7zFM.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2576 7zFM.exe
Token: 35 2576 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2576 7zFM.exe

pid	process
2576	7zFM.exe

description	pid	process
Token: SeRestorePrivilege	2576	7zFM.exe
Token: 35	2576	7zFM.exe

pid	process
2576	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2200 wrote to memory of 2576	2200	cmd.exe	7zFM.exe
PID 2200 wrote to memory of 2576	2200	cmd.exe	7zFM.exe
PID 2200 wrote to memory of 2576	2200	cmd.exe	7zFM.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Ach_Payment_Advice01.gz
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Ach_Payment_Advice01.gz"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads