Overview

overview

10

Static

static

3

Luxury Cry...0.0.7z

windows7-x64

1

Luxury Cry...0.0.7z

windows10-2004-x64

1

Installati...er.exe

windows7-x64

3

Installati...er.exe

windows10-2004-x64

3

Installati...er.zip

windows7-x64

1

Installati...er.zip

windows10-2004-x64

1

DefenderRemover.exe

windows7-x64

3

DefenderRemover.exe

windows10-2004-x64

3

Installati...DME.md

windows7-x64

3

Installati...DME.md

windows10-2004-x64

3

Luxury Cry...ey.dll

windows7-x64

1

Luxury Cry...ey.dll

windows10-2004-x64

1

Luxury Cry...er.dll

windows7-x64

1

Luxury Cry...er.dll

windows10-2004-x64

1

Luxury Cry...I2.dll

windows7-x64

1

Luxury Cry...I2.dll

windows10-2004-x64

1

Luxury Cry...ge.exe

windows7-x64

1

Luxury Cry...ge.exe

windows10-2004-x64

1

Luxury Cry...��.exe

windows7-x64

10

Luxury Cry...��.exe

windows10-2004-x64

10

安装指�...er.exe

windows7-x64

3

安装指�...er.exe

windows10-2004-x64

3

安装指�...er.zip

windows7-x64

1

安装指�...er.zip

windows10-2004-x64

1

DefenderRemover.exe

windows7-x64

3

DefenderRemover.exe

windows10-2004-x64

3

安装指�...DME.md

windows7-x64

3

安装指�...DME.md

windows10-2004-x64

3

Analysis

  • max time kernel
    432s
  • max time network
    434s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2024 15:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installation Guide/DefenderRemover.zip

  • Size

    505KB

  • MD5

    b021f7c45fe950f48b4768d3e1182a2d

  • SHA1

    5a8adbbc093e85bb1128629ea36a168e7e460da1

  • SHA256

    af20364d2e09cde933412c059f5295d296dd189507294ebe786a69d6eb3cafe6

  • SHA512

    01f04b4671259a897ab3b446265e882f3780b3177410f16bf3a404231205bb5f9f1883efabebafd57f4d974908a4faafa5bde7fb10eb8fdcd3008fde748b39a4

  • SSDEEP

    12288:n7SDe/kYAhSoTHD9Xa9lovLoS/x790K9KoybuHq6f6diYgyd:n7SqAhS4KQoS/PVQ4Hedixyd

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Installation Guide\DefenderRemover.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads