Overview

overview

10

Static

static

1

S0FTWARE.zip

windows11-21h2-x64

10

S0FTWARE_(...4).zip

windows11-21h2-x64

1

Analysis

  • max time kernel
    436s
  • max time network
    462s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-10-2024 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    S0FTWARE_(password_1234).zip

  • Size

    152.1MB

  • MD5

    9b5fa5c55c90343d37c37f6146351bbb

  • SHA1

    e3e58468022671236cae687902194efc68bb79f3

  • SHA256

    17c653e206918c482ecb2c2cce6261d8b92f3f9d5c926f8daef4f25451ff8207

  • SHA512

    c4e7f43fb8479de467eacebe7f3784293b22faa0faedf106341464dfe9f41bdc31fdfc784f4e3ee66bf06f543a47369977e31d20a14e729863e74448d121dee7

  • SSDEEP

    3145728:KMSxp7GQQRIhWBxKJSf6yjcH1Cl9eU4MP/uKIdR3wG+ULX5A66uqsjNmvjdPb:5wp7GQ6IhWfKdyjcHEe/MP/vIHwZYpda

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\S0FTWARE_(password_1234).zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads