Analysis

max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-10-2024 19:43
Static task: static1

Behavioral task: behavioral1
Sample: Rose_1_1_4_2.zip
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Rose_1_1_4_2.zip
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: Rose_1_1_4_2/RoseMenu.dll
Resource: win7-20241010-en

Behavioral task: behavioral4
Sample: Rose_1_1_4_2/RoseMenu.dll
Resource: win10v2004-20241007-en

Behavioral task: behavioral5
Sample: Rose_1_1_4_2/Rose_İnjector.exe
Resource: win7-20240903-en
General

Target: Rose_1_1_4_2.zip
Size: 16.1MB
MD5: 6b27604d6f445bce6ad546885c0c0949
SHA1: 75967d80043852f69bfc858675298b8fa1da12a9
SHA256: 3af2d8280ca274b2d5d06e2494a7e99ba1b26c439e426335bf98c1eb640e38fc
SHA512: e71d31fdefb7b77787f12ea6a5a712240b3d1146c2e7d9212877a83f8a69cb7509b8bc5928674cfb45f125c721f61f6cc9d30ff588e66bbbf77abcf02cc1d97d
SSDEEP: 393216:iON95GDgNyOMiyGFty4riUG4/Hv73BwVa6w:iakM4GrjvbBwVa6w
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description                pid   process
Token: SeRestorePrivilege  3468  7zFM.exe
Token: 35                  3468  7zFM.exe

Suspicious use of FindShellTrayWindow (1 IoC)
Processes:
pid   process
3468  7zFM.exe