Analysis
- max time kernel: 135s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-10-2024 01:56
Static task
- static1
Behavioral tasks
- behavioral1: Sample Lana_Rhoades_Photoos.zip, Resource win7-20240903-en
- behavioral2: Sample Lana_Rhoades_Photoos.zip, Resource win10v2004-20241007-en
- behavioral3: Sample '''.exe, Resource win7-20240903-en
- behavioral4: Sample '''.exe, Resource win10v2004-20241007-en
- behavioral5: Sample Lana_Rhoades_Photoos.js, Resource win7-20240903-en
General
- Target: Lana_Rhoades_Photoos.zip
- Size: 1.9MB
- MD5: aaac1d8a5866626d21a15cc8473abdbc
- SHA1: 4558b9b274de81bf5662d51741b552a09b9b5f98
- SHA256: 6453d1e7bccbd170145d8565525fffd2f9d6f824dadbb91bc3d40e85ac75eca2
- SHA512: c6a73ace2f4c51c29971a575509bea56ac5b01432acc99e218197e64ce88765d7d3944080a3c114a570b3ed8efe0040368bc64b7a028704a9267434aa93744f3
- SSDEEP: 49152:L3xaSpB8fn07tugzUlQFPglLM9kdnZFeHNsnWPZyp/7:L3UWB8v05UvlA9kJZFetJhW/7
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes: 7zFM.exe (pid 3660)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: 7zFM.exe (pid 3660), Token: SeRestorePrivilege; 7zFM.exe (pid 3660), Token: 35 (logged as a raw privilege LUID; 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE in winnt.h, i.e. SeCreateSymbolicLinkPrivilege)
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes: 7zFM.exe (pid 3660)

Every hit in this task is attributed to one process, 7zFM.exe (pid 3660), which is the 7-Zip File Manager the sandbox used to open the .zip; no process started from the archive's contents appears in the list. Enabling SeRestorePrivilege and SeCreateSymbolicLinkPrivilege is what 7-Zip does when it extracts an archive, so these three signatures describe the archiver, not the payload. The behavior of '''.exe and Lana_Rhoades_Photoos.js is recorded in their own tasks (behavioral3 to behavioral5), not in this one.
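The Signatures block above is exported as flattened text, with the "pid process" column headers run into the first process name and one privilege logged as a bare LUID. The following is an added example, not part of the sandbox report or of any sandbox vendor's code: it parses that raw block into structured records, decodes numeric privilege LUIDs using a partial table of the SE_*_PRIVILEGE constants from winnt.h, and runs the two triage checks a reviewer wants here: which privileges were enabled, and whether any hit comes from a process other than the archiver. The input string is the report's own Signatures text, copied in; the names `parse_signatures`, `privileges_requested`, `hits_outside` and `PRIVILEGE_LUIDS` are this example's, not the sandbox's.

```python
"""Parse a flattened sandbox 'Signatures' block into structured records and
run two triage checks over it: which privileges were enabled through
AdjustPrivilegeToken, and whether any hit comes from a process other than
the archiver the sandbox used to open the submission."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the report's Signatures block, copied in the flattened
# text form the sandbox exports (the "pid process" column headers run into
# the first process name).
REPORT_SIGNATURES = """\
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
7zFM.exepid process 3660 7zFM.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
7zFM.exedescription pid process Token: SeRestorePrivilege 3660 7zFM.exe Token: 35 3660 7zFM.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
7zFM.exepid process 3660 7zFM.exe
"""

# Low part of well-known privilege LUIDs, taken from the SE_*_PRIVILEGE
# constants in winnt.h (partial table). The report logs "Token: 35" in this
# raw form instead of the privilege name.
PRIVILEGE_LUIDS = {
    17: "SeBackupPrivilege",
    18: "SeRestorePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    23: "SeChangeNotifyPrivilege",
    28: "SeManageVolumePrivilege",
    29: "SeImpersonatePrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
}


@dataclass
class ProcessHit:
    pid: int
    image: str
    privilege: Optional[str] = None  # only set for AdjustPrivilegeToken rows


@dataclass
class Signature:
    name: str
    ioc_count: int
    hits: List[ProcessHit] = field(default_factory=list)


SIG_HEADER = re.compile(r"^(?P<name>.+?)\s+(?P<count>\d+)\s+IoCs$")
# Each hit is "[Token: <priv>] <pid> <image.exe>". The header junk before the
# first pid contains no whitespace-delimited integer, so it is skipped over.
PROC_ROW = re.compile(
    r"(?:Token:\s+(?P<token>\S+)\s+)?(?P<pid>\d+)\s+(?P<image>\S+\.exe)")


def decode_privilege(token: Optional[str]) -> Optional[str]:
    """Map a raw token value to a privilege name; numeric values are LUIDs."""
    if token is None:
        return None
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"LUID:{token}")
    return token


def parse_signatures(text: str) -> List[Signature]:
    sigs: List[Signature] = []
    current: Optional[Signature] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("-", "Processes:"):
            continue
        m = SIG_HEADER.match(line)
        if m:
            current = Signature(m["name"], int(m["count"]))
            sigs.append(current)
            continue
        if current is not None:
            for pm in PROC_ROW.finditer(line):
                current.hits.append(ProcessHit(
                    int(pm["pid"]), pm["image"], decode_privilege(pm["token"])))
    return sigs


def privileges_requested(sigs: List[Signature]) -> List[str]:
    """Sorted, de-duplicated privilege names enabled via AdjustPrivilegeToken."""
    return sorted({h.privilege for s in sigs for h in s.hits if h.privilege})


def hits_outside(sigs: List[Signature], benign_images: set) -> List[str]:
    """Names of signatures with at least one hit from a process whose image
    is not in benign_images (case-insensitive). Empty means every hit belongs
    to the archiver, i.e. nothing here describes the payload."""
    benign = {b.lower() for b in benign_images}
    return [s.name for s in sigs
            if any(h.image.lower() not in benign for h in s.hits)]


if __name__ == "__main__":
    parsed = parse_signatures(REPORT_SIGNATURES)
    for s in parsed:
        print(f"{s.name} ({s.ioc_count} IoCs)")
        for h in s.hits:
            extra = f"  {h.privilege}" if h.privilege else ""
            print(f"    pid {h.pid} {h.image}{extra}")
    print("privileges enabled:", privileges_requested(parsed))
    print("hits outside the archiver:", hits_outside(parsed, {"7zFM.exe"}))
```

Run on the report's block, `hits_outside` returns an empty list and `privileges_requested` returns SeCreateSymbolicLinkPrivilege and SeRestorePrivilege, which is the check that confirms the signatures come from 7-Zip and not from the extracted sample; any signature naming another image would be the one to look at first.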