0c12eebdff77b14f70d30cc1bdf7636bbec5b8a7b8e4f7c0e611c68db89b378f | Triage

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 17:38

Sharing

Report Analysis Logs

General

Target

THUNDER.zip
Size

8.6MB
MD5

fae85fecdfeb370d3f54f9d421d926f8
SHA1

8f9c902f0922637694e1a3f24fba462e78ff7d15
SHA256

0c12eebdff77b14f70d30cc1bdf7636bbec5b8a7b8e4f7c0e611c68db89b378f
SHA512

1abe2496c39b0fa9070c25d70d7c2848cfdb347f9882bf7201ac6b683fd2ecf06e3fec4b70ebb47606657bab464c1d7455a7665b34d154957647a6bf1d37d64d
SSDEEP

196608:9xHh4378Z1drAS0FxdII1JeE33V3SxoAIi8H92VsG2Z0A:Phw8ndrrs51Fnlhifa

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2460	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2460	7zFM.exe
Token: 35	2460	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\THUNDER.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads