a5ea085391291a4adc8c8af69d9e99cd8eb9367690b6df46db7a3a01311ec634 | Triage

Analysis

max time kernel
1558s
max time network
1561s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-10-2024 19:40

Sharing

Report Analysis Logs

General

Target

main.exe.zip
Size

64.7MB
MD5

1edcbc6a314843886194d651bd6464fc
SHA1

0faadc6e04a72935325edc36cd6cc50e446cf65c
SHA256

a5ea085391291a4adc8c8af69d9e99cd8eb9367690b6df46db7a3a01311ec634
SHA512

a22015014505e2f80c7ed8b41ebc74adc546ea74786daa6135bd54095fe6ed06e4ac0117180980e9b340f4f380d636e4892e1b800a91913df2901ff99064737d
SSDEEP

1572864:9bdjA+DMyZ3pnX1hY+bdjA+DMyZ3pRNf65gtlam1klp1:zEdk3j+qEdk3dqNmyl7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2080 7zFM.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 2080 7zFM.exe
Token: 35 2080 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

2080 7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\main.exe.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads