b687de1924f7805b57a1b528ed804d6d2f5e2e3f8058ab904fe0983a9d6a2a36 | Triage

Resubmissions

16/11/2024, 14:42

241116-r3d8daybme 8

16/11/2024, 14:36

241116-rywxmaskdm 10

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/11/2024, 14:42

Sharing

Report Analysis Logs

General

Target

Unlock_Tool_v2.6.4.rar
Size

49.9MB
MD5

b1a7540cd12701261738fd879efb2779
SHA1

1b3ad97b572045c61003de254d7833cab2391ee8
SHA256

69289808086eba703c638e42fa8f2adbe274b98ec0e3d005b62560e42a9200f0
SHA512

2a5ffac6840e56a2388f16cbbb737789482108fd77658467d55bcbcd49bcc3a13e942b073951cb3470f2cb42495e41b84404bedb2d4d8da33c9313e2fd944e44
SSDEEP

1572864:5HRk6MsvlqSOFhI63C6w1TMZmm+sIoE435lp4kJr2:BVnlxkr3URo+gN5Aks

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2800	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2800	7zFM.exe
Token: 35	2800	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Unlock_Tool_v2.6.4.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads