Analysis
-
max time kernel
38s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-10-2024 08:23
General
-
Target
test3.zip
-
Size
102KB
-
MD5
2ad917c24d22e27eccab6428f23baa8f
-
SHA1
d453e717149d58e94fce377ff7b74f888007848f
-
SHA256
bbe275683f3c65d415877b5d1f469b4ddec1069bd3891a7a89b47b43a43e8ce4
-
SHA512
545b64c26ed060b12dc1a466f3749918d72dde2baa41105cddba787361973d86b8907020a44b88dd1e113e57ccfa14478edd64bba15c74ef2963343b6b4d0a20
-
SSDEEP
3072:Wwa7KxzWhIKXRzJUGdje+7Yenbw85eNwnaYeW02aw:Wwa7NhIKYG0+EeHeSa912aw
Score
1/10
Malware Config
Signatures
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\test3.zip1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\test3\" -spe -an -ai#7zMap6170:90:7zEvent107211⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test3\nothing.txt1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7B
MD53e47b75000b0924b6c9ba5759a7cf15d
SHA10feca720e2c29dafb2c900713ba560e03b758711
SHA2561785cfc3bc6ac7738e8b38cdccd1af12563c2b9070e07af336a1bf8c0f772b6a
SHA5121d6c61c1f237e2664f242b96dfaae5feb325771723d76fac41dba6ef22c45cafefb0951f43309fc6bc852b98a5406d3c2909b606688a882d43c6fb905162b10f