Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
19/11/2024, 11:53
General
-
Target
F4X REGDIT !!.rar
-
Size
564KB
-
MD5
ac4d599bf8c27749fcdc48eeafe9084a
-
SHA1
ccfce20d774bdc0bd79f805e52e113ed93e7d9dc
-
SHA256
f41c29b6f5ffd93498981a62e0acc416d0f14cbc717ef19aa7eefb43d0105d4d
-
SHA512
75636f891c5e358d58e76cbdd5279aae6f5cbdcb9849d6c2942c195d4aa44a82c895652e6279f44df9b61284007d728c533270216effc5fa56377187a181a336
-
SSDEEP
12288:TCRMAHU04vhkL/l5uUYJLNAxGPdkITm7upm1P5smWEu2dwX8ws3CuKIXzNEpNN:3VZkL/jpY/hTm7rCmWEu2cudREnN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\F4X REGDIT !!.rar"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO4C77B3D6\F4X REGDIT !!.exe"C:\Users\Admin\AppData\Local\Temp\7zO4C77B3D6\F4X REGDIT !!.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5f70900c26196995249c2698144346ad6
SHA12a720cf26e73aca344ea5e3d4c4b02f3dee6e9ea
SHA256f151a0777814f9f7d7ecb97afda87e7529aa2daf65b85b634db0e688443edb4c
SHA51266b7554207f17683966c9680ac3791b0cc6485b498652e8bbdda0df522fb4ef20f4b655e98fe907dd9deeb725ba89a26c1bdda50a6f9af988bcffdbad0861fa3