24b4ab604c01ad537704980ce0e2dc8f97ef4f59e0453918eed6de272dc93ee0

Resubmissions

19/11/2024, 16:46

19/11/2024, 16:43

max time kernel
117s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 16:46

Target

FACUTURAS ISES-AIRE/CON ACEPTACION TACITA/FE8914.zip
Size

1.4MB
MD5

be767bb40149e3f75c71dab3b0e299da
SHA1

c016761456b75713eaf003df8065a3c6f9f52ce1
SHA256

cf0854f7e4dcf185716d50ffe698c1b27fd19ee197b7784d8ecbc7590a288575
SHA512

74f9ffd9b4b0f4c7214fe54026561c8666e621143917a6ccbe2955f529d7b57036396436634788abf8bb48f9fd3d362c27d78a3b810357f6137968e216738e3b
SSDEEP

24576:kNTjOujHCBzrz3ugOtVtvm1GjR5xhrdUTFLtg2fgkajP29H/cj9RksI1cPyco:kL2BL3zOt/uknshK24ka729f0I1eo

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	7zFM.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3244	7zFM.exe
3244	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3244	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3244	7zFM.exe
3244	7zFM.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 1528	3244	7zFM.exe	97
PID 3244 wrote to memory of 1528	3244	7zFM.exe	97

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FACUTURAS ISES-AIRE\CON ACEPTACION TACITA\FE8914.zip"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
  "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\7zOCAC5C659\fv09004135880212400FE8914.xml"
  2⤵
  PID:1528

C:\Users\Admin\AppData\Local\Temp\7zOCAC5C659\fv09004135880212400FE8914.xml

Filesize
22KB

MD5
f3ab318ff6d26a57398be32a034f918e

SHA1
c97c0098cb77cab7db0e19bce85953309b1cb9a8

SHA256
10ea0f98bee67107087bcb7a6f8a03d7b070e3f587b3c29d9a18ec384eff4731

SHA512
75df09cc8efc59bd450b48241d76bcec7e034c88ae24b4cad03d9d7d7d66b34953211528d913b4e7c05686d638638c812f81c93013deede6268bfc2c30c60f6c

Download Submit
memory/1528-6-0x00007FF9F994D000-0x00007FF9F994E000-memory.dmp

Filesize
4KB

Download
memory/1528-5-0x00007FF9B9930000-0x00007FF9B9940000-memory.dmp

Filesize
64KB

Download
memory/1528-7-0x00007FF9F98B0000-0x00007FF9F9AA5000-memory.dmp

Filesize
2.0MB

Download
memory/1528-8-0x00007FF9F98B0000-0x00007FF9F9AA5000-memory.dmp

Filesize
2.0MB

Download
memory/1528-9-0x00007FF9F98B0000-0x00007FF9F9AA5000-memory.dmp

Filesize
2.0MB

Download