Overview

overview

7

Static

static

3

AkynGuNOxW.zip

windows7-x64

7

AkynGuNOxW.zip

windows10-2004-x64

7

Analysis

  • max time kernel
    50s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-11-2024 05:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AkynGuNOxW.zip

  • Size

    13.9MB

  • MD5

    2b1ce866e0a5cca9d1d996f0aecf8cb2

  • SHA1

    54926806f2c9c96d5c0ecf7eb0c70101bb4c4312

  • SHA256

    478fc3ddaaa253dc2c817d32ec61afcaad26c39c2fd13a3800bbb2320c65a18a

  • SHA512

    5d9ee18ec38022af993a5bcccd1452aedae57244e3cd68d9d2051c7b3b53614567b9ce075e778937f231394f5a3d2eb4eca050c7bdd7f0aebd035009bacada94

  • SSDEEP

    393216:fkspUfT02n3y9QSdVUAcX/LznJ4DQL5LE1ubvIu5Z+mVXu+5r92hruZ:fbpUfTrAGjLzSDYw1gIau+N9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\AkynGuNOxW.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\7zO8B570718\BetterZoraraUI.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO8B570718\BetterZoraraUI.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2436
    • C:\Users\Admin\AppData\Local\Temp\7zO8B55EA18\BetterZoraraUI.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO8B55EA18\BetterZoraraUI.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO8B570718\BetterZoraraUI.exe
    Filesize

    304KB

    MD5

    2ef5940d7d0778a7162db0bde674f6d3

    SHA1

    a3115c13d1f9c56f480ac4473d1e87f69ee96c91

    SHA256

    6645fca8828f8e40c979762acc471b075cd0680500e34acd23c78fc6041818c6

    SHA512

    e2e18bb5f097e1019be418f25531fb62a2fd97c9a7a3286a46731e20324d1df29ac8babaf87a3ea7bb730db8e7ae8548554a4f69faf6302c2ad529d7c578ca1b

    Download Submit