Analysis

  • max time kernel
    155s
  • max time network
    160s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    21-11-2024 11:56

General

  • Target

    20241114_encrypted_files.zip

  • Size

    431B

  • MD5

    7df595cf49a731777439cd84c5c4ac06

  • SHA1

    137229ea679eb9861bef9c9c0f83d1df9359e233

  • SHA256

    81b69cefa60a3bf015a5b7ce30d05732013a20667dba48ce1a17da8c03421d28

  • SHA512

    44b6d03e8111111e3509bed9a8b0bd7d1bab0a7f6103fee77806b6369cd64ff73c1c37f0d1d2a0f88bf0e10b96a53844eeee839ae7f3abf24e98f2fc35908d53

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 31 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\20241114_encrypted_files.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3036
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1860
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\20241114_encrypted_files\" -spe -an -ai#7zMap11672:128:7zEvent5071
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1264
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\20241114_encrypted_files\" -spe -an -ai#7zMap14305:128:7zEvent15558
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3660
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:224
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\20241114_encrypted_files\no_filename
        2⤵
          PID:2800

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\20241114_encrypted_files\no_filename

    Filesize

    252B

    MD5

    96ed2916f9074efe49b6d161cc1a478e

    SHA1

    f68159f010dbdd57d6849f750bf43f07c7d193f4

    SHA256

    6dcd40e6183c24a930564b42605b8703546a544fecefd538e48a302588c39555

    SHA512

    cbbca9498ed6200382df03ec79174fad3f36efc3a933e5e71f35438d096629f95d5c493ab41975b3191d0cb301b0b4732724e2bdbf97ba97685c548042b67000