Overview

overview

7

Static

static

3

7z2405-x64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7z2405-x64.exe

  • Size

    1.5MB

  • MD5

    c73433dd532d445d099385865f62148b

  • SHA1

    4723c45f297cc8075eac69d2ef94e7e131d3a734

  • SHA256

    12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

  • SHA512

    1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447

  • SSDEEP

    49152:ZEVAbJqaITViU3qLkr7toP9KT+uv6WC+5uxe1o58:ZEVcqeUaki9oBqt+

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7z2405-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\7z2405-x64.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    PID:1968
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb79b7ab58,0x7ffb79b7ab68,0x7ffb79b7ab78
      2⤵
        PID:3656
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:2
        2⤵
          PID:388
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
          2⤵
            PID:1988
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
            2⤵
              PID:1052
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
              2⤵
                PID:4056
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                2⤵
                  PID:3672
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4076 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                  2⤵
                    PID:2832
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
                    2⤵
                      PID:4424
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
                      2⤵
                        PID:3176
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4892 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                        2⤵
                          PID:5096
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4896 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                          2⤵
                            PID:1192
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3340 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                            2⤵
                              PID:4480
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4604 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                              2⤵
                                PID:1504
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1728 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                                2⤵
                                  PID:3712
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4088 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:1
                                  2⤵
                                    PID:1172
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
                                    2⤵
                                      PID:4424
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
                                      2⤵
                                        PID:4904
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1808,i,12842749040174467896,4081601322456818276,131072 /prefetch:8
                                        2⤵
                                          PID:3476
                                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                        1⤵
                                          PID:2028

                                        Network

                                        MITRE ATT&CK Matrix ATT&CK v13

                                        Initial Access

                                        Execution

                                        Persistence

                                        Event Triggered Execution

                                        1
                                        T1546

                                        Component Object Model Hijacking

                                        1
                                        T1546.015

                                        Privilege Escalation

                                        Event Triggered Execution

                                        1
                                        T1546

                                        Component Object Model Hijacking

                                        1
                                        T1546.015

                                        Defense Evasion

                                        Credential Access

                                        Discovery

                                        Query Registry

                                        2
                                        T1012

                                        System Information Discovery

                                        2
                                        T1082

                                        Lateral Movement

                                        Collection

                                        Exfiltration

                                        Command and Control

                                        Impact

                                        Resource Development

                                        Reconnaissance

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Program Files\7-Zip\7-zip.dll
                                          Filesize

                                          99KB

                                          MD5

                                          3428b9967f63c00213d6dbdb27973996

                                          SHA1

                                          1cf56abc2e0b71f5a927ea230c8cca073d20fc97

                                          SHA256

                                          56008756553ea5876fb8aad98f6f5dbca1ba14c5e53f4fa9ec318e355e146a7e

                                          SHA512

                                          b876b39d030818ce7879eb9bb5ff4375712cf145b7457a815880bf010215bd9dcde539e7d0877c56558e0d23a310bc75bfb9d315f9966cbda4ae02a7821980cc

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          edadebf667aec9c2725564d6b63ffc83

                                          SHA1

                                          02760e4f18460ebede651dc1eb21bf59a41fd70e

                                          SHA256

                                          352d5c3f38a1be6fead19f1cb5a367354cb86705f44f358fca00f13c4942e5f9

                                          SHA512

                                          97080eab27fb01562d213e4bc2c04b859678c5893e9aeef0b41b416a1af42bb92b508658f1345992f89196b31b7bc8f6a71cdd0346e0e8caf6376dbba0ee863e

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          d51ef8d7113c583dc36e7ca519cadce5

                                          SHA1

                                          dd522051405756f5581406fe604093c2477130cd

                                          SHA256

                                          f0a880b2b0385bfa1111727625f29b4c8f16200475e1413c28817138b8574344

                                          SHA512

                                          424ea26882e444809276a6b7e371da772cacff5a60e80d2f7bbbf4d3348f5dc34adfc7b1173684799b7b2e9d5f3d6971b425eadc61ed6076018ed961fcf080e9

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                          Filesize

                                          257KB

                                          MD5

                                          c132fc2286b39fb59e9fad809af188e3

                                          SHA1

                                          f723a257a327391fc595bc6edafbd97776914ba7

                                          SHA256

                                          8c936ce6693b64839627ef7cf05a40bfb3813b770d4cfa16343e755103374618

                                          SHA512

                                          4cd1960a939da0576505810e57c4075a11199bf29a74080490bd3db54f42f3bb7340d121468025ad01089e98e49f69dfb1e3937a8cb2a25b7eae08f5cac11754

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                          Filesize

                                          257KB

                                          MD5

                                          f96227d9723b761187d560e96bcec820

                                          SHA1

                                          75ef981a651f6af37464c9c082f377809de34acf

                                          SHA256

                                          7158baa133e1aaf242f43ffbd37aeea0f60c685d7e66a73505a9ab9f65415e2c

                                          SHA512

                                          a30c69d6f7a2212b948258e89b1ea9c3bcc22bc1585bf35daff9dc4cf5a5f2fc041aa66a30d3e585269c224ff30436da0735332b7941a665b7e3da67ef6a24c8

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                          Filesize

                                          92KB

                                          MD5

                                          9573c89b98ae74c0a0e2d241308c4f33

                                          SHA1

                                          4dfb0647e31be072498a34003d1ed405eced77ac

                                          SHA256

                                          24e8f7fb78f19077dda34a7dfcc660a115028213f04c6ea0cc627875b64a4c21

                                          SHA512

                                          8a60447ffb64d8cf54d2e6c7f316c56e8ba65f6a4a09a983642e59d5787c8d550786a8818b8a73f70242214a5063cc0be974afcffd7ef3325f5aa29c8cf923e2

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58555e.TMP
                                          Filesize

                                          89KB

                                          MD5

                                          e62fdea9d2bf5ace61bab5dd760942b2

                                          SHA1

                                          6e57da9f03579290c1863682ab63f0fcac71ba9c

                                          SHA256

                                          933734c682e436c7ecc89b7f1a84950bd26fa187a006f924e5dfb85bf1afa9e0

                                          SHA512

                                          6d5693fb59f7ec99c722217d6c2ac4c2a7281d39137cffb34186f5b35ab7b62d74518140f792a0e70bb7c79f03850d3a2d7eb16aca2740368a78b85d8bc38387

                                          Download Submit
                                        • \??\pipe\crashpad_3944_ANIZCLAJAMHLCYYT
                                          MD5

                                          d41d8cd98f00b204e9800998ecf8427e

                                          SHA1

                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                          SHA256

                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                          SHA512

                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                          Download Submit