0f278718311cb0b48b2823ebf1148dcd904f6c31f70b73dc5ae6e26e2341b156 | Triage

Analysis

max time kernel
0s
max time network
1s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 16:39

Sharing

Report Analysis Logs

General

Target

castle.gz
Size

337B
MD5

fa2698c00eafba8de01b887a8fdf44eb
SHA1

cd2595cbfec9e3d096d0db191ed4769d8b830497
SHA256

0f278718311cb0b48b2823ebf1148dcd904f6c31f70b73dc5ae6e26e2341b156
SHA512

81ed86476f45798531610cf2f4c70b1cb850a7ba8a63eb1a67e437e173ab6b68b369e7ef8b5508dca40b48d47a6e4e4ec3c0e062b46d540f06739e54e0825104

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description	pid	Process
Token: SeRestorePrivilege	544	7zFM.exe
Token: 35	544	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid	Process
544	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\castle.gz"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads