Analysis

  • max time kernel
    149s
  • max time network
    276s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-12-2024 21:27

General

  • Target

    Setup-app.7z

  • Size

    116.3MB

  • MD5

    19a53c88b57e9f330250bd8a72ff6694

  • SHA1

    31fcff8753ee1ce1738ae3d040e1cca293aa4cb1

  • SHA256

    2efc288f7eca7bc4f1d38b06adcaf6ad70dbf4dc258350ff8621f0a3b378d392

  • SHA512

    ee14bc08cc3e7e4ec28d442ade22b16b195ff17624cd663dbc7b9cab6d5e38efea8168fad167c5d9c87c12168a013e8878399a46e49c428a656d86bf91ccbba0

  • SSDEEP

    3145728:RwxAsSR/f8ntHCrjS9F10RN0WnfLD40KSdVEkSzjRdpsKo:AAsOH6tSS9FG4aDxKSdV0RjE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Setup-app.7z"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\7zOC4772AC7\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zOC4772AC7\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:3144
  • C:\Users\Admin\Desktop\Setup.exe
    "C:\Users\Admin\Desktop\Setup.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:4960
  • C:\Users\Admin\Desktop\Setup.exe
    "C:\Users\Admin\Desktop\Setup.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:312

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zOC4772AC7\Setup.exe

    Filesize

    44KB

    MD5

    f86507ff0856923a8686d869bbd0aa55

    SHA1

    d561b9cdbba69fdafb08af428033c4aa506802f8

    SHA256

    94f4fd6f2cb781ae7839ad2ee0322df732c8c7297e62834457662f8cde29dcbb

    SHA512

    6c1c073fc09498407b2c6b46d7a7e04c2db3c6f8d68c0dc0775211864c4508c48c2bd92e3849dc3805caacc856f9e31e1eea118661a55f526bfa61638f88c3da