Analysis
-
max time kernel
24s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
17/10/2024, 16:41
General
-
Target
heroes-of-might-and-magic-3-platinum-collection-v40-russian-no-cdfixed-exe.7z
-
Size
924KB
-
MD5
8ed2a8aa55fad106edb4fe7136ec68e1
-
SHA1
75ba30f0a6a82adb69e3355df8bc578a60772126
-
SHA256
a3b6c975f91fd07904d0fc7c6e09be2b009295f1839c6674b296f3f5835bc17a
-
SHA512
f62af045efdb6dc84894e695336e2133d4681cb0d950297938704808d1adc823198da021f1ef9ac6835f325a248f461f90f5132ac116ccbb6522a25bd921743c
-
SSDEEP
24576:OuHkCZqPyxEerdBWCU0j5L/oR9iCiFwy4nA:OWZaei0aR+wy4nA
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\heroes-of-might-and-magic-3-platinum-collection-v40-russian-no-cdfixed-exe.7z"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO0DBB9B87\Heroes3.exe"C:\Users\Admin\AppData\Local\Temp\7zO0DBB9B87\Heroes3.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD555be6a65157a1d4f6912817ad96e33c8
SHA1a1f72226ac15d5966e70c52a829fd13b500cf31e
SHA2563e4dcb2c0f9105b25b63dc324a440cb4d5e1ef899174c5319a3bbaad5ebe3ee6
SHA512e28453f6d3ed9f7f2fd1630f338348cb278f9e2abb3fb649c730fdbc07bd037a38361c6ca3fea96d8826ccde105768cde765702239980cd1be496f657f3db95a