478fc3ddaaa253dc2c817d32ec61afcaad26c39c2fd13a3800bbb2320c65a18a

Analysis

max time kernel
17s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AkynGuNOxW.zip
Size

13.9MB
MD5

2b1ce866e0a5cca9d1d996f0aecf8cb2
SHA1

54926806f2c9c96d5c0ecf7eb0c70101bb4c4312
SHA256

478fc3ddaaa253dc2c817d32ec61afcaad26c39c2fd13a3800bbb2320c65a18a
SHA512

5d9ee18ec38022af993a5bcccd1452aedae57244e3cd68d9d2051c7b3b53614567b9ce075e778937f231394f5a3d2eb4eca050c7bdd7f0aebd035009bacada94
SSDEEP

393216:fkspUfT02n3y9QSdVUAcX/LznJ4DQL5LE1ubvIu5Z+mVXu+5r92hruZ:fbpUfTrAGjLzSDYw1gIau+N9x

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1396	Process not Found
1396	Process not Found
1396	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2296	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2296	7zFM.exe
Token: 35	2296	7zFM.exe
Token: SeSecurityPrivilege	2296	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2296	7zFM.exe
2296	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\AkynGuNOxW.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
6f718f28120b030e4b3445cef2b04f74

SHA1
72e103f8e7eb8600322fa1a201980b7a3842c3a7

SHA256
bf3cf38dade74f404024cab4e403cff8739adc082ff6c07212aba04bf8c440f1

SHA512
e67e388ae68dbb789579721bb254355c62e746d3ac0f7936a2147a07bf812e8b7e9edf127c6d01f0b41cc2f65b51798d3bbd390adfe57a807cc948c22b500c24

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Desktop\BetterZoraraUI.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Desktop\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
\Users\Admin\Desktop\BetterZoraraUI.exe

Filesize
304KB

MD5
2ef5940d7d0778a7162db0bde674f6d3

SHA1
a3115c13d1f9c56f480ac4473d1e87f69ee96c91

SHA256
6645fca8828f8e40c979762acc471b075cd0680500e34acd23c78fc6041818c6

SHA512
e2e18bb5f097e1019be418f25531fb62a2fd97c9a7a3286a46731e20324d1df29ac8babaf87a3ea7bb730db8e7ae8548554a4f69faf6302c2ad529d7c578ca1b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads