Analysis

- max time kernel: 118s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25-05-2024 15:39

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: Software_1.30.1.rar
- Resource: win7-20240221-en
- 5 signatures
- 150 seconds
General

- Target: Software_1.30.1.rar
- Size: 11.1MB
- MD5: 6b793466d2bd5f3518ba8f652c349bbc
- SHA1: 0074d126f0b4015d04b3261b3bdc6f82701e49cc
- SHA256: 513d2ec0c996a97c554741d6f021dd8fb2a2637bc06047c70e26e33f71998b40
- SHA512: ff6e163ab3479c2d1217a4e9c69071f8d3326c25098587a53f5eb6ffb7438d4aa459a738f9def1cda9506dffb5d1964e1d89011a831158ef6fb20e20792833f4
- SSDEEP: 196608:VZ6u+eldqUsxKGyBhqQnDPNA92ILS1XezkIFRCCXqvO2IdfzNrYLdKkt:t+eDqPozBhqQnDPNmS1X76n9J1+Kkt
- Score: 3/10
Malware Config

Signatures

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
  | pid  | process  |
  | 2676 | 7zFM.exe |

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
  | description              | pid  | process  |
  | Token: SeRestorePrivilege | 2676 | 7zFM.exe |
  | Token: 35                | 2676 | 7zFM.exe |

- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes:
  | pid  | process  |
  | 2676 | 7zFM.exe |

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  | description                       | pid  | process | target process |
  | PID 1308 wrote to memory of 2676 | 1308 | cmd.exe | 7zFM.exe       |
  | PID 1308 wrote to memory of 2676 | 1308 | cmd.exe | 7zFM.exe       |
  | PID 1308 wrote to memory of 2676 | 1308 | cmd.exe | 7zFM.exe       |
Processes

- C:\Windows\system32\cmd.exe (PID 1308)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Software_1.30.1.rar
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\7-Zip\7zFM.exe (PID 2676, child of 1308)
    Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Software_1.30.1.rar"
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow