596db0b26451c60e2e618dd98f126e3932e238baa0432867203f83df27debd03 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 00:52

Sharing

Report Analysis Logs

General

Target

release_ZYEPDenPwGhK14H.rar
Size

29.4MB
MD5

f5feb34e2a5c5f98d99bf419c3bf7095
SHA1

fe5164865b215081ab080eabbceb3ca7684a19f4
SHA256

596db0b26451c60e2e618dd98f126e3932e238baa0432867203f83df27debd03
SHA512

4d30fd23e77355ece63f20fd83b22b5f76bea7097e6f8ba9c18528b2abe98706a48aeb53dfd7b2aa1dcd8b0c4294b2bc4a2c99025885da842b2bb7b3cff8597f
SSDEEP

786432:q5rngpqNgncFFuOYTlTUP1eyThCFoJiSGY3y:qhgpggncniTl4YQhCFoJi23y

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 1556 7zFM.exe
Token: 35 1556 7zFM.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid process

1556 7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\release_ZYEPDenPwGhK14H.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads