Overview
overview
10Static
static
37z2408/7Zz.exe
windows7-x64
107z2408/7Zz.exe
windows10-2004-x64
107z2408/7z2408-x64.exe
windows7-x64
77z2408/7z2408-x64.exe
windows10-2004-x64
77z2408/Aud...re.dll
windows7-x64
37z2408/Aud...re.dll
windows10-2004-x64
37z2408/HTCTL32.dll
windows7-x64
37z2408/HTCTL32.dll
windows10-2004-x64
37z2408/PCICHEK.dll
windows7-x64
37z2408/PCICHEK.dll
windows10-2004-x64
37z2408/PCICL32.dll
windows7-x64
37z2408/PCICL32.dll
windows10-2004-x64
37z2408/TCCTL32.dll
windows7-x64
37z2408/TCCTL32.dll
windows10-2004-x64
37z2408/msvcr100.dll
windows7-x64
37z2408/msvcr100.dll
windows10-2004-x64
37z2408/pcicapi.dll
windows7-x64
37z2408/pcicapi.dll
windows10-2004-x64
37z2408/remcmdstub.exe
windows7-x64
37z2408/remcmdstub.exe
windows10-2004-x64
3Analysis
-
max time kernel
140s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
29-10-2024 16:16
Static task
static1
Behavioral task
behavioral1
Sample
7z2408/7Zz.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
7z2408/7Zz.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
7z2408/7z2408-x64.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
7z2408/7z2408-x64.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
7z2408/AudioCapture.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
7z2408/AudioCapture.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
7z2408/HTCTL32.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
7z2408/HTCTL32.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
7z2408/PCICHEK.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral10
Sample
7z2408/PCICHEK.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
7z2408/PCICL32.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
7z2408/PCICL32.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
7z2408/TCCTL32.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
7z2408/TCCTL32.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
7z2408/msvcr100.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
7z2408/msvcr100.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
7z2408/pcicapi.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral18
Sample
7z2408/pcicapi.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
7z2408/remcmdstub.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral20
Sample
7z2408/remcmdstub.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
7z2408/7z2408-x64.exe
-
Size
1.5MB
-
MD5
0330d0bd7341a9afe5b6d161b1ff4aa1
-
SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3
-
SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
-
SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1
-
SSDEEP
24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3
Malware Config
Signatures
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
Processes:
7z2408-x64.exedescription ioc Process File opened for modification C:\Program Files\7-Zip\Lang\be.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\7z.exe 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fa.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\kk.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\gl.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\History.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\br.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\hi.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ru.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\en.ttt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ca.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mk.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\sv.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\el.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\eu.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mr.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fi.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\si.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ku.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\readme.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\eo.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\es.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\it.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\hr.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\an.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ar.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ug.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\descript.ion 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\af.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\co.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\cs.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ms.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\7z.sfx 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ext.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ga.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\7zG.exe 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ta.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\License.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\io.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ja.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\lv.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\nn.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\az.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ko.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\7-zip.dll 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\bn.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\yo.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\gu.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mng.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\pl.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\va.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fr.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\id.txt 7z2408-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\nl.txt 7z2408-x64.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
7z2408-x64.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7z2408-x64.exe -
Modifies registry class 20 IoCs
Processes:
7z2408-x64.exedescription ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 7z2408-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" 7z2408-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2408-x64.exe