Analysis Overview
SHA256
3d00468448abc115a138a0d7c0e39db72bf3c46ed086926e7b9f1854835676b6
Threat Level: Known bad
The file 7-zip.zip was found to be: Known bad.
Malicious Activity Summary
NetSupport
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-07 17:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-07 17:47
Reported
2024-10-07 18:18
Platform
win10v2004-20241007-en
Max time kernel
1332s
Max time network
1793s
Command Line
Signatures
NetSupport
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe
"C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe"
Network
| Country | Destination | Domain | Proto |
| DE | 212.224.107.150:443 | tcp | |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.1.231:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.107.224.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-07 17:47
Reported
2024-10-07 18:17
Platform
win11-20241007-en
Max time kernel
604s
Max time network
1793s
Command Line
Signatures
NetSupport
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe
"C:\Users\Admin\AppData\Local\Temp\7-zip\7-zip.exe"
Network
| Country | Destination | Domain | Proto |
| DE | 212.224.107.150:443 | tcp | |
| US | 8.8.8.8:53 | geo.netsupportsoftware.com | udp |
| US | 104.26.1.231:80 | geo.netsupportsoftware.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.1.26.104.in-addr.arpa | udp |