b36314ddd6a40030323302f2566d2bd73dce793c7f47a4a1ed2f76025c1c8afc

Resubmissions

13-10-2024 14:28

13-10-2024 14:24

max time kernel
129s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 14:28

Target

0 Mouse Delay + Input Delay.rar
Size

3.0MB
MD5

0c528e3b045c5ab227f5eafddddd801b
SHA1

7cee0f0b1a21714d24ae80c214614df116228f43
SHA256

b36314ddd6a40030323302f2566d2bd73dce793c7f47a4a1ed2f76025c1c8afc
SHA512

e7c412af691b02fc52c8be76f0410df8096b93a1b9aadcca034f30bdb40986a7149f402af4d87e5e6896288b696bbdd1ffbb6ff884af2340098e18ea6cbd1d7d
SSDEEP

49152:6NTztXrN1e+ruNNmFIVQY068frKe1z/WWloIIy8zBofzDua8bJSa9/E1FHhfWJN6:6N1b/e+ruHq4068frKIz/WxIVkofz/o+

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	7zFM.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Suspicious use of FindShellTrayWindow 6 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2528	2304	7zFM.exe	30
PID 2304 wrote to memory of 2528	2304	7zFM.exe	30
PID 2304 wrote to memory of 2528	2304	7zFM.exe	30
PID 2304 wrote to memory of 2172	2304	7zFM.exe	32
PID 2304 wrote to memory of 2172	2304	7zFM.exe	32
PID 2304 wrote to memory of 2172	2304	7zFM.exe	32
PID 2304 wrote to memory of 2796	2304	7zFM.exe	33
PID 2304 wrote to memory of 2796	2304	7zFM.exe	33
PID 2304 wrote to memory of 2796	2304	7zFM.exe	33

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\0 Mouse Delay + Input Delay.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\notepad.exe
  "C:\Windows\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\7zO0097B886\0 Mouse Delay.reg"
  2⤵
  PID:2528
- C:\Windows\notepad.exe
  "C:\Windows\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\7zO00929227\Delay Reducer.reg"
  2⤵
  PID:2172
- C:\Windows\notepad.exe
  "C:\Windows\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\7zO009FA4B7\Input Delay V2.reg"
  2⤵
  PID:2796

C:\Users\Admin\AppData\Local\Temp\7zO00929227\Delay Reducer.reg

Filesize
421B

MD5
15dbb8ab08a3c872eb8de86a9499baf4

SHA1
3bab0de81ece7410159c83f4b3451b5af54869bb

SHA256
144243d6a71b302d6b2a076562f1d7a71b7a02e8e144fcfba1c037baef8dc84d

SHA512
24bc2c46a7ac7be6b6362eb502da59782ece03186bbdda7c4a15904fab6a7dc246358a9a6ae2135384be9e4f8f99ed8ca2a4b6cca16fe79f746d7e387f29da98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0097B886\0 Mouse Delay.reg

Filesize
381B

MD5
38289d707fa88eb65305a206ae22eab3

SHA1
f011057298a8f47947047157544a31609805449a

SHA256
ad9e9b34ec4f48b4472ed9a296b36dd531acfeb32e8a86e98216e1977723600c

SHA512
7c6b711a3c2a7d2c181cf0e9a86a9d2f6f38ad1b8c47977ddf567f921815e6f6384eedba15a0f34526cea4081a537f89ce1f46a61fba2314c945c9bc939580a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO009FA4B7\Input Delay V2.reg

Filesize
1KB

MD5
e28da2ed9d241df9f2748de3aa14216e

SHA1
333f6a38446c2a53ffb43c1405cd585c525c0c53

SHA256
a68312fefa1593ff2399356d847fba9ca38165b1010d8b182070ad575b59c1a0

SHA512
8b46271861dde566b8873cc7db0fca4d8e9daf138524232a62e128207e41d15b31af8f58fdeb194e193619384ad4736fe77176f96196ac766c9cd95066fde34e

Download Submit
memory/2304-12-0x0000000003810000-0x0000000003820000-memory.dmp

Filesize
64KB

Download