Overview

overview

10

Static

static

10

Valid8Proxy.rar

windows7-x64

1

Valid8Proxy.rar

windows10-2004-x64

1

Valid8Prox...er.exe

windows7-x64

1

Valid8Prox...er.exe

windows10-2004-x64

6

Valid8Prox...r1.exe

windows7-x64

7

Valid8Prox...r1.exe

windows10-2004-x64

7

Valid8Proxy.pyc

windows7-x64

3

Valid8Proxy.pyc

windows10-2004-x64

3

Valid8Prox...er.exe

windows7-x64

7

Valid8Prox...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    28s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Valid8Proxy.rar

  • Size

    16.3MB

  • MD5

    b8cee40f531f0bb3bd060183ce70661b

  • SHA1

    599e540a4f7c739776c0ba87eec4db2a7ecbcf5c

  • SHA256

    15b88cd6893f3b2592b58b6daafb976225a3a73ab8e3bfab08c0c49024013849

  • SHA512

    e3a98b3fb7dca428b548dcb092aaf4fb098ff199f73a90af3ef969c2b66fcfac23fe581880d148eb25b3e2f97f8672ab81461490c85fd4f33143b942b19553df

  • SSDEEP

    393216:P9Lq099Q3X/IZDpR8VRCEU3kRlalcm8kmG:P9u09i3XgTKC30jw/Z

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Valid8Proxy.rar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads