Malware Analysis Report

2025-01-03 09:40

Sample ID 241022-21nn5s1bmr
Target Trojan-Ransom.Python.ChastityLock-Archived.zip
SHA256 b4925cf89244fe0fcd7a70803c93a7890941176d8a8ed41c3bdf513335958d87
Tags
qr link
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

b4925cf89244fe0fcd7a70803c93a7890941176d8a8ed41c3bdf513335958d87

Threat Level: Likely benign

The file Trojan-Ransom.Python.ChastityLock-Archived.zip was found to be: Likely benign.

Malicious Activity Summary

qr link

One or more HTTP URLs in qr code identified

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-10-22 23:03

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-22 23:03

Reported

2024-10-22 23:03

Platform

win10-20240404-en

Max time kernel

11s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Python.ChastityLock-Archived.zip"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Trojan-Ransom.Python.ChastityLock-Archived.zip"

Network

N/A

Files

N/A