Analysis
-
max time kernel
363s -
max time network
365s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21/11/2024, 11:02
General
-
Target
illil.zip
-
Size
152B
-
MD5
a392d3ea1273190dac1c392ea3742e66
-
SHA1
7cb70c753b59b36657eb4c2d4aef0168fccedb2e
-
SHA256
7d4c8704094207a1cb9a3a6fd9abb5130a05c718e6fbf47179a89d045bd25852
-
SHA512
e590f80e3bfb7a89773e5e261f8552eb12ce632c540cfbc5ff505ff36e20bac34f672337c471d7b05f897ee85fd65e147ea2c63ecfa5208b6753ad2a54372123
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\illil.zip"1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7zO8E87679A\illil.pdf"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-