f5130b7f56e9585fec62e97af6e46eabfdb74cb465d999663b88066bb8f1f060

Submit
Reports

Overview

overview

Static

static

Debug/Micr...es.xml

windows7-x64

Debug/Micr...es.xml

windows10-2004-x64

Debug/Mona...xclude

windows7-x64

Debug/Mona...xclude

windows10-2004-x64

Debug/Mona...ar.ttf

windows7-x64

Debug/Mona...ar.ttf

windows10-2004-x64

Debug/Mona....woff2

windows7-x64

Debug/Mona....woff2

windows10-2004-x64

Debug/Mona...on.ttf

windows7-x64

Debug/Mona...on.ttf

windows10-2004-x64

Debug/Nexa..._1.zip

windows7-x64

Debug/Nexa..._1.zip

windows10-2004-x64

Debug/Nexa..._1.zip

windows7-x64

Debug/Nexa..._1.zip

windows10-2004-x64

Debug/Nexa..._1.zip

windows7-x64

Debug/Nexa..._1.zip

windows10-2004-x64

Debug/Nexa..._1.zip

windows7-x64

Debug/Nexa..._1.zip

windows10-2004-x64

Debug/Nexa..._1.zip

windows7-x64

Debug/Nexa..._1.zip

windows10-2004-x64

Debug/Nexa...s.json

windows7-x64

Debug/Nexa...s.json

windows10-2004-x64

Debug/Nexa...af.hyb

windows7-x64

Debug/Nexa...af.hyb

windows10-2004-x64

Debug/Nexa...as.hyb

windows7-x64

Debug/Nexa...as.hyb

windows10-2004-x64

Debug/Nexa...be.hyb

windows7-x64

Debug/Nexa...be.hyb

windows10-2004-x64

Debug/Nexa...bg.hyb

windows7-x64

Debug/Nexa...bg.hyb

windows10-2004-x64

Debug/Nexa...bn.hyb

windows7-x64

Debug/Nexa...bn.hyb

windows10-2004-x64

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-12-2024 23:59

Sharing

Copy URL

Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Debug/Microsoft.Bcl.AsyncInterfaces.xml

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Debug/Microsoft.Bcl.AsyncInterfaces.xml

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Debug/Monaco/.git/info/exclude

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Debug/Monaco/.git/info/exclude

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Debug/Monaco/Fonts/JetBrainsMono-Regular.ttf

Resource

win7-20241023-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

Debug/Monaco/Fonts/JetBrainsMono-Regular.ttf

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

Debug/Monaco/Fonts/JetBrainsMono-Regular.woff2

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral8

Sample

Debug/Monaco/Fonts/JetBrainsMono-Regular.woff2

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

Debug/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

Debug/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral11

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.zip

Resource

win7-20241023-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip

Resource

win7-20240708-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.zip

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/oankkpibpaokgecfckkdkgaoafllipag_1.zip

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/oankkpibpaokgecfckkdkgaoafllipag_1.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ohckeflnhegojcjlcpbfpciadgikcohk_1.zip

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ohckeflnhegojcjlcpbfpciadgikcohk_1.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral21

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/_metadata/verified_contents.json

Resource

win7-20241023-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral22

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/_metadata/verified_contents.json

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-af.hyb

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral24

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-af.hyb

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-as.hyb

Resource

win7-20240708-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral26

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-as.hyb

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-be.hyb

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral28

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-be.hyb

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bg.hyb

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral30

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bg.hyb

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bn.hyb

Resource

win7-20241023-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral32

Sample

Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bn.hyb

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.zip
Size

1.0MB
MD5

14ef2d35ee97e8be10d6046b2e1942de
SHA1

8ad139e47d4d58df369e40c025923be0d82a5f9b
SHA256

00af3f07b5abb71f6d30337e1eef62fa280f06ef19485c0cf6b72171f92ccc0a
SHA512

f6e646031caa27f972b222a94aee3b2b610db686009e1dee6fbf0c4ac7ba6edb632eafd9ed81e15bb011e2c31ed4dda82b16dac560ed68596159ec29064ecda3
SSDEEP

24576:OgtkaswlAtUVNexKSU7EmXzDRx2I1woiB/ArwoiBM8u:OgtkaFlMHQQ2zDRQII///u

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	776	7zFM.exe
Token: 35	776	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
776	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Debug\Nexam.exe.WebView2\EBWebView\component_crx_cache\kpfehajjjbbcifeehjgfgnabifknmdad_1.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:776

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads