Resubmissions
15-06-2024 04:04  240615-em1efsycrd  9
15-06-2024 04:02  240615-ematssscrr  9
15-06-2024 04:00  240615-eksa3ascnj  3
15-06-2024 03:58  240615-ejj83ascjr  9

Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 15-06-2024 04:00
Static task
- static1

Behavioral task
- behavioral1
  Sample: NiggaSploit.gz
  Resource: win7-20240508-en

Behavioral task
- behavioral2
  Sample: NiggaSploit.gz
  Resource: win10v2004-20240508-en

Behavioral task
- behavioral3
  Sample: sample.tar
  Resource: win7-20240221-en

Behavioral task
- behavioral4
  Sample: sample.tar
  Resource: win10v2004-20240611-en

Behavioral task
- behavioral5
  Sample: SolaraB2/SolaraBootstrapper.exe
  Resource: win7-20240508-en

Behavioral task
- behavioral6
  Sample: SolaraB2/SolaraBootstrapper.exe
  Resource: win10v2004-20240508-en
General
- Target: sample.tar
- Size: 810KB
- MD5: ff32e175229d6243fdc9567c5df26518
- SHA1: c4e3383ff4516107c1d6f0a2cc7e5863a9375119
- SHA256: e3c550cf10c51b592c7b4a5c23e3814728a454e6ac74762dbdff032d2ffeab8e
- SHA512: b035541857fab45eb3e4960325b9d9761bda370fb58b80ab6d9fc485f277a9b729f129c0ed5adcd67aba80d8186626dafaa4a1f1e25c41df0c022887badf31ba
- SSDEEP: 12288:WfSmzhHoAX5TyQvgwRojAojGdJaTGLLvlguxD:dmzhHWQDRojAojGddLL
Malware Config

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes:
    pid   process
    2556  7zFM.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
    description                 pid   process
    Token: SeRestorePrivilege   2556  7zFM.exe
    Token: 35                   2556  7zFM.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
    pid   process
    2556  7zFM.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                          pid   process   target process
    PID 2252 wrote to memory of 2556     2252  cmd.exe   7zFM.exe
    PID 2252 wrote to memory of 2556     2252  cmd.exe   7zFM.exe
    PID 2252 wrote to memory of 2556     2252  cmd.exe   7zFM.exe
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\sample.tar
  - Suspicious use of WriteProcessMemory
  PID: 2252
  - C:\Program Files\7-Zip\7zFM.exe
    Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\sample.tar"
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID: 2556