Resubmissions

  • 07-11-2024 06:52  241107-hnee6ayanp  10
  • 07-11-2024 06:51  241107-hmnx7sxjaz  10
  • 07-11-2024 06:49  241107-hlwawswrhz  10
  • 07-11-2024 06:48  241107-hk3ctayaln  10
  • 07-11-2024 06:45  241107-hjdcasyajl  10
  • 05-11-2024 18:32  241105-w6ncnswcqe  10

Analysis

  • max time kernel
    54s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-11-2024 06:49

General

  • Target

    Client.rar

  • Size

    26KB

  • MD5

    54d133c341ccbafcf66473c38e452652

  • SHA1

    13a29d944a56b420f814ae328a4765b62eab7b73

  • SHA256

    5ba163f9a4c8f545e21e8de4f70be6eddb6d2b90137af94e4f95a8d3f5b5ea62

  • SHA512

    a216a0031df75eb5b00996e421de7288e0121719c94dc4d22214778da6e2ed724891e970b33354290a1b99b5b3cd04bc2f280b1189a21c0a0c9a18f8b4f90ce8

  • SSDEEP

    768:wrM20wFwQdr23seLbk7iQY3S3pE0ITIuo2c:+MYFwSqtnk7ix3S574+5

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Client.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1760
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2924
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4dc
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2812

All three processes sit at depth 1 (the "1⤵" marker) and none has a child process beneath it: 7-Zip File Manager opened Client.rar, but nothing from the archive's contents was launched. The 1/10 score therefore describes the archive viewer's behaviour, not whatever the archive contains.
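The two checks a practitioner makes before trusting a low score on an archive submission, as an added example (not the sandbox vendor's code and not part of the report): confirm that a local copy of the sample matches the hashes in the General section, and confirm that the archive was actually detonated rather than merely opened in a viewer. The process listing embedded below is a constructed copy of the report's Processes section so the script runs offline; the set of archive-viewer executables is an assumption.

```python
"""Triage helpers for a sandbox report in the shape shown above.

Added example; not the sandbox vendor's code and not part of the report.
The process listing below is a constructed copy of the report's Processes
section, so the script runs offline.
"""
import hashlib
import re

# Hashes the report gives for the target Client.rar (copied from the page).
REPORT_HASHES = {
    "md5": "54d133c341ccbafcf66473c38e452652",
    "sha1": "13a29d944a56b420f814ae328a4765b62eab7b73",
    "sha256": "5ba163f9a4c8f545e21e8de4f70be6eddb6d2b90137af94e4f95a8d3f5b5ea62",
    "sha512": "a216a0031df75eb5b00996e421de7288e0121719c94dc4d22214778da6e2ed72"
              "4891e970b33354290a1b99b5b3cd04bc2f280b1189a21c0a0c9a18f8b4f90ce8",
}

# Constructed sample: the report's process section as plain text.
SAMPLE_PROCESSES = r"""
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Client.rar"
1⤵
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
PID:1760
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2924
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc
1⤵
Suspicious use of AdjustPrivilegeToken
PID:2812
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")   # "1⤵" = depth in the process tree
PID_RE = re.compile(r"^PID:(\d+)$")

# Programs that only display an archive; if nothing else ran, the payload
# never executed. This set is an assumption; extend it for your images.
ARCHIVE_VIEWERS = {"7zfm.exe", "7zg.exe", "winrar.exe", "explorer.exe"}


def parse_processes(text):
    """Parse the report's process list into dicts: image, cmdline, depth, signatures, pid.

    Each record is: image path, command line, "<depth>⤵", zero or more
    signature lines, then "PID:<n>", which closes the record.
    """
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # tolerate the page's bullets
        if not line:
            continue
        if cur is None:
            cur = {"image": line, "cmdline": None, "depth": None,
                   "signatures": [], "pid": None}
            continue
        if cur["cmdline"] is None:
            cur["cmdline"] = line
            continue
        m = DEPTH_RE.match(line)
        if m:
            cur["depth"] = int(m.group(1))
            continue
        m = PID_RE.match(line)
        if m:
            cur["pid"] = int(m.group(1))
            procs.append(cur)
            cur = None
            continue
        cur["signatures"].append(line)
    if cur is not None:
        raise ValueError("truncated process record: %r" % cur["image"])
    return procs


def archive_was_detonated(procs, target_name):
    """False when the target was only opened by an archive viewer with no children.

    A low score in that situation says nothing about the archive's contents.
    """
    opened_by = [p for p in procs if target_name.lower() in p["cmdline"].lower()]
    if not opened_by:
        return False                       # target never launched at all
    for p in opened_by:
        exe = p["image"].rsplit("\\", 1)[-1].lower()
        if exe not in ARCHIVE_VIEWERS:
            return True                    # a real handler executed the target
    # Only viewers touched it; any record deeper than 1 would be a child process.
    return any(p["depth"] is not None and p["depth"] > 1 for p in procs)


def verify_hashes(data, expected=REPORT_HASHES):
    """Return the algorithms whose digest of `data` differs from `expected`."""
    return sorted(algo for algo, want in expected.items()
                  if hashlib.new(algo, data).hexdigest() != want.lower())


if __name__ == "__main__":
    procs = parse_processes(SAMPLE_PROCESSES)
    for p in procs:
        print(p["pid"], p["image"], "depth", p["depth"], p["signatures"])
    print("detonated:", archive_was_detonated(procs, "Client.rar"))
    # With the real sample on disk: verify_hashes(open(path, "rb").read())
```

For the listing above, `archive_was_detonated` returns False: the only process naming Client.rar is 7zFM.exe, and every record is at depth 1. Resubmitting the extracted contents, or a run that opens the archive and launches what is inside, is what produces a score worth reading.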

Network

MITRE ATT&CK Matrix
