73e7ea40a38cb32af35fdc3a66c7af3b86c40ee0af97f187186c21634db4864e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

openMe.rar
Size

8.4MB
MD5

62f984e034b4167ccc5e948e16030df9
SHA1

852ea7df5505d8e6d7e56a1c524f0db05c11c638
SHA256

8072304e97c405c2c80ea493e45b7dc5b291f68814583049c68cee1f192e8d90
SHA512

3809cc3d6d7b431ea54bc227f3387f92e9c93441a319c328cc18d620e7c320d53a161f46e9ac1499ab3673c7133018f527d5978b99eece0003124c37ba30b021
SSDEEP

196608:wNFxiXYYs7pwUDR3adXBwogmDNaqX4ViWl/fIKjErGI+ht5j:4FgoHAxfkDVigfryGIyvj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2672 7zFM.exe
Token: 35 2672 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2672 7zFM.exe

description	pid	process
Token: SeRestorePrivilege	2672	7zFM.exe
Token: 35	2672	7zFM.exe

pid	process
2672	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2292 wrote to memory of 2672	2292	cmd.exe	7zFM.exe
PID 2292 wrote to memory of 2672	2292	cmd.exe	7zFM.exe
PID 2292 wrote to memory of 2672	2292	cmd.exe	7zFM.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\openMe.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2292

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\openMe.rar"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2672

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads