Overview

overview

1

Static

static

1

MailFlow-Engine.zip

windows7-x64

1

MailFlow-Engine.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2024, 21:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MailFlow-Engine.zip

  • Size

    553KB

  • MD5

    06fd288ed3407927315f089b8e15aa82

  • SHA1

    017ee88993d3ad7a469fa17b358e3b1b1fc40d59

  • SHA256

    f49373fd2f22636c26e5921fc61483f08ca1a0e797d0cc7cd616a56d9e449152

  • SHA512

    b39b5d3b8f66ce2edf0f71cd860a6e4e48146c44b4f02fd646a5fb1d3fe3a4cc75d12bee19f6c449216e8a3c5c316dc4700b86324f3c0c56b4699b5c0d2b9040

  • SSDEEP

    12288:OhhNDJ9JDZcVHCXLmmtOCDHwz/BPbPQJQQ8G/t7mlBXFOV:YhvbFcMXamBHwTFbPk8eKTFU

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\MailFlow-Engine.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads