Analysis
-
max time kernel
1361s -
max time network
1155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-10-2024 22:14
General
-
Target
Fantom.zip
-
Size
164KB
-
MD5
23951f15badb4b0a89f6bfc7811b0d4b
-
SHA1
91d0c8260a8d285fea969bd701c6eb5ab901fa53
-
SHA256
f545b85449ee3812dcb219f173f010b76378a84acd3e5bbe1e7b2e308bfd7c64
-
SHA512
a3bf31ce8fb2b7dadf71a07e7765d110308aa419897f0a3dceb1e09be1c6322e69e043f500c5c3489388fcad4930a4795773bd2bbe2c232d5e8ca587b9beadf5
-
SSDEEP
3072:YsWGu6reSVacfSCgmzgtgXD6OOMe96MneBMOG/PVoj13KBMwIuGc/YYoj13KNsqR:K7ougpOL/saqkPV9FemLtcsDSsmw89p2
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Fantom.zip"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵