Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/11/2024, 10:57

General

  • Target

    Bootstrapper.zip

  • Size

    5.5MB

  • MD5

    9ba94ac44294258328b5b23e6fbcaf4a

  • SHA1

    3ef50da71c5800f02680733b184bb11bb0ca309b

  • SHA256

    a9e76b770fb8a61f793a61ca6701e1f76ea95282d5a3647d8dfccf1b560f401a

  • SHA512

    52e3118e8e40d621275d0ce3157138bb0e9a4d56c1c570666930de60e46e8050af8e0c377aea2e5ccee2ff78c427576bd4954226a0f800eac6cabbaa70f267ce

  • SSDEEP

    98304:HUxBxVYLNchCiExF8pIV/hIy3D25GmoQ5ReIpL6Xh+SC+rnM/BnspjhlvkHeBA:0/biriUei/+boQ5EIpLoznI/tsp1lsHr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.zip"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe"
      2⤵
      • Executes dropped EXE
      PID:2628
    • C:\Users\Admin\AppData\Local\Temp\7zO4FBE6977\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO4FBE6977\Bootstrapper.exe"
      2⤵
      • Executes dropped EXE
      PID:2940
    • C:\Users\Admin\AppData\Local\Temp\7zO4FB3E047\Bootstrapper.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO4FB3E047\Bootstrapper.exe"
      2⤵
      • Executes dropped EXE
      PID:2836

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\7zO4FB62217\Bootstrapper.exe

          Filesize

          9.4MB

          MD5

          f2a6133b7f38fc49f792ae799d1b4750

          SHA1

          6bef46ddde325f45a0e9ff123112c96bbd47c795

          SHA256

          37bde6655e1272e159b9c2e3a7eee3f4e9a837c0f04240645d3991d112287f8d

          SHA512

          f9611bed83b4bce1841868880a42dacb6b8f7e8859be1d85b3c8d3a365a0244566cbfb12294c7b2c82b15d6c0e47095d8246a95d522c3a064a0d8511b2411254