General
-
Target
7-zip.zip
-
Size
3.6MB
-
Sample
241007-y4a1nswgld
Static task
static1
Behavioral task
behavioral1
Sample
7-zip.zip
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
7-zip/7-zip.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
7-zip/7z2408-x64.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
7-zip/AudioCapture.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
7-zip/HTCTL32.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
7-zip/NSM.lic
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
7-zip/PCICHEK.dll
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
7-zip/PCICL32.dll
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
7-zip/TCCTL32.dll
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
7-zip/client32.ini
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
7-zip/msvcr100.dll
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
7-zip/nskbfltr.inf
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
7-zip/nsm_vpro.ini
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
7-zip/pcicapi.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
7-zip/remcmdstub.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
7-zip.zip
-
Size
3.6MB
-
Score 1/10
-
-
Target
7-zip/7-zip.exe
-
Size
54KB
-
Score 10/10
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
-
-
Target
7-zip/7z2408-x64.exe
-
Size
1.5MB
-
Score 7/10
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
7-zip/AudioCapture.dll
-
Size
91KB
-
Score 3/10
-
-
Target
7-zip/HTCTL32.DLL
-
Size
320KB
-
Score 3/10
-
-
Target
7-zip/NSM.LIC
-
Size
2KB
-
Score 3/10
-
-
Target
7-zip/PCICHEK.DLL
-
Size
18KB
-
Score 3/10
-
-
Target
7-zip/PCICL32.DLL
-
Size
3.5MB
-
Score 3/10
-
-
Target
7-zip/TCCTL32.DLL
-
Size
382KB
-
Score 3/10
-
-
Target
7-zip/client32.ini
-
Size
644B
-
Score 1/10
-
-
Target
7-zip/msvcr100.dll
-
Size
755KB
-
Score 3/10
-
-
Target
7-zip/nskbfltr.inf
-
Size
328B
-
Score 1/10
-
-
Target
7-zip/nsm_vpro.ini
-
Size
46B
-
Score 1/10
-
-
Target
7-zip/pcicapi.dll
-
Size
32KB
-
Score 3/10
-
-
Target
7-zip/remcmdstub.exe
-
Size
61KB
-
Score 3/10