195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 03:37

Sharing

Report Analysis Logs

General

Target

Unconfirmed 115457.zip
Size

448KB
MD5

fba48bc48252100a4789f714b7408fa8
SHA1

b07b8cb68d5ca833bacd495a4a3e577404c8d466
SHA256

195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d
SHA512

f164941a11bd8b0c2b17a9ce91913cf2871e59247c3b2ae2c5c463d67f3c9ccee9cc4a87705a4d8bdaf2afc41dc1e6fe3288ee99769dcd1de066d6f124245288
SSDEEP

12288:mVCoVD990usfOlCdXXJy1sw5D99GJuY9HArdo7:zoKdpyuw5D9wJWo7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2644	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2644	7zFM.exe
Token: 35	2644	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2644	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 115457.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads