1e97991128cf9cc7643f8175ea8269e393211ef477ace9cc78be5e9acce05e4f

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

openMe.rar
Size

8.4MB
MD5

3da01ddc8c5124871b676be7b55b974f
SHA1

ff8c90489d35ed87491365af4b6433d39f919b8e
SHA256

41e4567256cc28254ca8154b1e0253ae71a0eb2ff48f8d1054d55228c9182823
SHA512

c9e60b6c49cf8608abaa28a920c106556c0f33bcba50ebf00f0fc1ccabbc800b05053af6306f8be7130ed22cd953c139bf900c79abbb6f2df2b945c161aebedc
SSDEEP

196608:apbUfGHEAGCKtonpy+9zUwKRew8nxK3yrjstiA23wlt5mk:aWuHEAcoIiQynxWyrw4wH5z

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2592 7zFM.exe
Token: 35 2592 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2592 7zFM.exe

description	pid	process
Token: SeRestorePrivilege	2592	7zFM.exe
Token: 35	2592	7zFM.exe

pid	process
2592	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1652 wrote to memory of 2592	1652	cmd.exe	7zFM.exe
PID 1652 wrote to memory of 2592	1652	cmd.exe	7zFM.exe
PID 1652 wrote to memory of 2592	1652	cmd.exe	7zFM.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\openMe.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\openMe.rar"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2592

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2380

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads