5ba163f9a4c8f545e21e8de4f70be6eddb6d2b90137af94e4f95a8d3f5b5ea62 | Triage

Resubmissions

07-11-2024 06:52

241107-hnee6ayanp 10

07-11-2024 06:51

241107-hmnx7sxjaz 10

07-11-2024 06:49

241107-hlwawswrhz 10

07-11-2024 06:48

241107-hk3ctayaln 10

07-11-2024 06:45

241107-hjdcasyajl 10

05-11-2024 18:32

241105-w6ncnswcqe 10

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 06:49

Sharing

Report Analysis Logs

General

Target

Client.rar
Size

26KB
MD5

54d133c341ccbafcf66473c38e452652
SHA1

13a29d944a56b420f814ae328a4765b62eab7b73
SHA256

5ba163f9a4c8f545e21e8de4f70be6eddb6d2b90137af94e4f95a8d3f5b5ea62
SHA512

a216a0031df75eb5b00996e421de7288e0121719c94dc4d22214778da6e2ed724891e970b33354290a1b99b5b3cd04bc2f280b1189a21c0a0c9a18f8b4f90ce8
SSDEEP

768:wrM20wFwQdr23seLbk7iQY3S3pE0ITIuo2c:+MYFwSqtnk7ix3S574+5

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 5112 7zFM.exe
Token: 35 5112 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

5112 7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Client.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads