966f1a3f09434d129c3601f3e1f76c8a941e70a6e07186841fd4142b0d13de5a | Triage

Analysis

max time kernel
780s
max time network
1154s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-12-2024 12:03

Sharing

Report Analysis Logs

General

Target

xxSMTPxx.rar
Size

4.4MB
MD5

8bbf7b847e7d9186ddff364f38d96dd2
SHA1

65dbe43eb900f655b36cbb8922bd0263effccbd0
SHA256

966f1a3f09434d129c3601f3e1f76c8a941e70a6e07186841fd4142b0d13de5a
SHA512

11ad338fdb66f88c8512fe2fd6092b8acd8fbdb90634e4d56034198140ced1b63c8bea2fd494baee837e33def7eb244e06109170b7523b594b9fb826279978f2
SSDEEP

98304:7C62cIMiyiHXkF6k6OtvK0O4gQJgs/wo6w:7rzIMid3kFp6b0ZgQy0woB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2068	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2068	7zFM.exe
Token: 35	2068	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\xxSMTPxx.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads