Resubmissions

07-10-2024 20:19

241007-y4a1nswgld 10

07-10-2024 17:40

241007-v9c6favbqf 10

General

  • Target: 7-zip.zip
  • Size: 3.6MB
  • Sample: 241007-v9c6favbqf
  • MD5: d04eaabede0983e9ba0064665d05bd00
  • SHA1: 6727f5ac51db9ad05dd87663df005299c95eda26
  • SHA256: 3d00468448abc115a138a0d7c0e39db72bf3c46ed086926e7b9f1854835676b6
  • SHA512: dcf1d02d05a702b750d6d3e777081b8fbd0d6259a7cdff69f94569c70437174f9526a347ce02c513ddd55cd2c3b40d595bcd4126ab1c7b8f973b9e8840a27745
  • SSDEEP: 98304:hpowx4xhXFS4fUEqG7S4ENOzeuAGrXnF6uolNc4ol:hpF4bFS6PS3NOuO8736

Malware Config

Targets

    • Target: 7-zip/7-zip.exe
    • Size: 54KB
    • MD5: 7f06dcc4844532ba0d64812e6dca5240
    • SHA1: 76527c1ddb0bf3e64dd1ce3ff6aa0708e09366e1
    • SHA256: ab91de964c96b6a6903fa52419fbb17a2c1fee6817f5704a07db4edc9855e72e
    • SHA512: 93d1b8f22e30ed55c95493f164052bbc4db2c164dc66300fdb8d72df02bc8d1c01aef8bc5b0f2fc7fb1d3786a31229fdc22cd3f457aaec2d3f5f11760b618156
    • SSDEEP: 1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opg6F2:lImfzoXK9/o6d

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Target: 7-zip/7z2408-x64.exe
    • Size: 1.5MB
    • MD5: 0330d0bd7341a9afe5b6d161b1ff4aa1
    • SHA1: 86918e72f2e43c9c664c246e62b41452d662fbf3
    • SHA256: 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
    • SHA512: 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1
    • SSDEEP: 24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks