1a4e99c578361dde71a91e73b05c597e70f451d9b65286e89cacc3371de0ec26 | Triage

Analysis

max time kernel
91s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-10-2024 17:33

Sharing

Report Analysis Logs

General

Target

5d4r8t9u.rar
Size

446KB
MD5

b70b11b5dcbcd2a2d8acb9ef7f0597cf
SHA1

c5515f738e5fee61fa9262a32cd823f3bbab2c88
SHA256

1a4e99c578361dde71a91e73b05c597e70f451d9b65286e89cacc3371de0ec26
SHA512

7f56bb7de90e415699702a125b719f36ebb972b3dbe8c1f59c8a4600656e636a5f2e6cafe7e3fc64130498533238f5c2b002147da191eb441d128b0631e12e8c
SSDEEP

12288:C8PhmUwSfZ+c4/CI9p9zZFKJNOaxswXkq6:CucUwYZH4nlZFKGKdR6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1268	7zFM.exe
Token: 35	1268	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1268	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\5d4r8t9u.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads