Analysis

Max time kernel: 121s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240903-en
Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted: 20-12-2024 17:23

Static task: static1

Behavioral task: behavioral1
  Sample: ZOD-master (1).zip
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: ZOD-master (1).zip
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: ZOD-master/42.zip
  Resource: win7-20241010-en

Behavioral task: behavioral4
  Sample: ZOD-master/42.zip
  Resource: win10v2004-20241007-en
General

Target: ZOD-master (1).zip
Size: 41KB
MD5: ae6438a5a41352e5b7b37918259bea69
SHA1: 684f4e642980875422c1e666ee349d9aee5c337f
SHA256: d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768
SHA512: 28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784
SSDEEP: 768:XUMiHEhp2vCIODrhNGkAalt/bp2GiKlIPJV1Aoi+vZPJSFmGiU0Jv1uwiX:XUKP2vCF1Aalt/keIPhDjZPJSFmLa
Malware Config
Signatures

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2404  7zFM.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeRestorePrivilege  pid 2404  7zFM.exe
  Token: 35 (privilege LUID 35, SeCreateSymbolicLinkPrivilege)  pid 2404  7zFM.exe

Suspicious use of FindShellTrayWindow (1 IoC)
  pid 2404  7zFM.exe

Every signature above is raised by a single process, 7zFM.exe (pid 2404), the 7-Zip File Manager that opened the submitted archive; the two privileges it enabled are the ones 7-Zip requests to extract archive entries (restoring file attributes and creating symbolic links). The process list contains nothing other than 7-Zip and explorer.exe, so these IoCs describe the tool used to open the archive, not code from the archive itself, and the report records no execution of the archive contents.
Processes

C:\Program Files\7-Zip\7zFM.exe  (PID 2404, depth 1)
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ZOD-master (1).zip"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

C:\Windows\explorer.exe  (PID 2596, depth 1)
  Command line: "C:\Windows\explorer.exe"
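When a sandbox report lists only the archive viewer and the shell, the useful question is whether any signature can be attributed to the sample at all. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses the process entries in the raw flattened export form (each entry reads image"command line"depth⤵ with an optional PID:n, the signatures following as "- " lines; the input is constructed from this report's process list), rebuilds the process tree from the depth markers, and splits every signature by whether the raising process is sandbox tooling or something the sample ran. The set of tooling process names is an assumption and should be adjusted per sandbox.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the process entries of this report in the raw flattened
# export form. Each entry reads  image"command line"depth⤵[PID:n]; signature
# lines and a separate "PID:n" line may follow an entry on their own lines.
REPORT_PROCESSES = r'''
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ZOD-master (1).zip"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2404
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2596
'''

# Assumption: processes the sandbox itself starts to open a submission.
# Signatures they raise describe the harness, not the sample.
SANDBOX_TOOLING = {"7zfm.exe", "explorer.exe"}

ENTRY_RE = re.compile(
    r'^(?P<image>[^"]+)(?P<cmd>".*")(?P<depth>\d+)⤵(?:PID:(?P<pid>\d+))?\s*$'
)


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)
    children: List["Proc"] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_processes(text: str) -> List[Proc]:
    """Parse the flattened process section into a list of root processes."""
    roots: List[Proc] = []
    stack: List[Proc] = []
    current: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = Proc(
                image=m["image"],
                cmdline=m["cmd"],
                depth=int(m["depth"]),
                pid=int(m["pid"]) if m["pid"] else None,
            )
            # Depth 1 is a root; a deeper entry hangs off the nearest shallower one.
            while stack and stack[-1].depth >= current.depth:
                stack.pop()
            (stack[-1].children if stack else roots).append(current)
            stack.append(current)
        elif current is not None and line.startswith("- "):
            current.signatures.append(line[2:])
        elif current is not None and line.startswith("PID:"):
            current.pid = int(line[4:])
    return roots


def walk(procs: List[Proc]):
    """Yield every process in the tree, depth first."""
    for p in procs:
        yield p
        yield from walk(p.children)


def attribute_signatures(roots, tooling=SANDBOX_TOOLING):
    """Split every (process, pid, signature) triple by whether the raising
    process is sandbox tooling or something the sample itself ran."""
    result = {"tooling": [], "sample": []}
    for p in walk(roots):
        bucket = "tooling" if p.name in tooling else "sample"
        result[bucket].extend((p.name, p.pid, s) for s in p.signatures)
    return result


def sample_executed(roots, tooling=SANDBOX_TOOLING) -> bool:
    """True only if a process outside the harness tooling appeared at all."""
    return any(p.name not in tooling for p in walk(roots))


if __name__ == "__main__":
    tree = parse_processes(REPORT_PROCESSES)
    verdict = attribute_signatures(tree)
    print("sample executed:", sample_executed(tree))
    for who, pid, sig in verdict["tooling"]:
        print(f"  [{who} pid={pid}] {sig}  (harness tooling)")
    for who, pid, sig in verdict["sample"]:
        print(f"  [{who} pid={pid}] {sig}  (sample)")
```

For this report the script places all three signatures in the tooling bucket and reports that the sample never executed; a child process hanging off 7zFM.exe at depth 2, or any image outside the tooling set, would flip that verdict and move its signatures to the sample bucket.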