2efc288f7eca7bc4f1d38b06adcaf6ad70dbf4dc258350ff8621f0a3b378d392 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 21:27

Sharing

Report Analysis Logs

General

Target

Setup-app.7z
Size

116.3MB
MD5

19a53c88b57e9f330250bd8a72ff6694
SHA1

31fcff8753ee1ce1738ae3d040e1cca293aa4cb1
SHA256

2efc288f7eca7bc4f1d38b06adcaf6ad70dbf4dc258350ff8621f0a3b378d392
SHA512

ee14bc08cc3e7e4ec28d442ade22b16b195ff17624cd663dbc7b9cab6d5e38efea8168fad167c5d9c87c12168a013e8878399a46e49c428a656d86bf91ccbba0
SSDEEP

3145728:RwxAsSR/f8ntHCrjS9F10RN0WnfLD40KSdVEkSzjRdpsKo:AAsOH6tSS9FG4aDxKSdV0RjE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2944	Setup.exe
2412	Setup.exe

Loads dropped DLL 8 IoCs

pid	Process
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2580	7zFM.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	2580	7zFM.exe
Token: 35	2580	7zFM.exe
Token: SeSecurityPrivilege	2580	7zFM.exe
Token: SeSecurityPrivilege	2580	7zFM.exe
Token: SeSecurityPrivilege	2580	7zFM.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2580	7zFM.exe
2580	7zFM.exe
2580	7zFM.exe
2580	7zFM.exe
2580	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Setup-app.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2580
- C:\Users\Admin\AppData\Local\Temp\7zO41ABFBD6\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO41ABFBD6\Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:2944

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zO41ABFBD6\Setup.exe

Filesize
44KB

MD5
f86507ff0856923a8686d869bbd0aa55

SHA1
d561b9cdbba69fdafb08af428033c4aa506802f8

SHA256
94f4fd6f2cb781ae7839ad2ee0322df732c8c7297e62834457662f8cde29dcbb

SHA512
6c1c073fc09498407b2c6b46d7a7e04c2db3c6f8d68c0dc0775211864c4508c48c2bd92e3849dc3805caacc856f9e31e1eea118661a55f526bfa61638f88c3da

Download Submit