0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c | Triage

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 00:20

Sharing

Report Analysis Logs

General

Target

COMPILED.zip
Size

6.9MB
MD5

30b1961a9b56972841a3806e716531d7
SHA1

63c6880d936a60fefc43a51715036c93265a4ae5
SHA256

0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c
SHA512

9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0
SSDEEP

196608:C+MPQJu8YfQFtMAFMQ5RIhFmQ06L29tJW0SCK5u:C+mQ08YfQNMQ5RI7i9LSCAu

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2492 7zFM.exe
Token: 35 2492 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2492 7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\COMPILED.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads