1a619dae822d9f104bb8965ed8f1caaa10753522072539a6fdee942357d78a59 | Triage

Analysis

max time kernel
59s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-12-2024 17:13

Sharing

Report Analysis Logs

General

Target

metabuilder.rar
Size

513KB
MD5

c0a10da6d440b63422266bac6de58472
SHA1

f374a68916cd3f6ea9f63413977c28beb63d8d63
SHA256

1a619dae822d9f104bb8965ed8f1caaa10753522072539a6fdee942357d78a59
SHA512

8b5fd530807428eef42b178dbd1b06227a222267231de70056a1e83a4689b44da68a990a1a1b992fb90ba311adceaac47533cf649bbb2256e905ea21c1f67f2b
SSDEEP

12288:rXCXsx13hifrzhrOP+liJO3HpFIN75FQN+dt/UDuFIuP:S6Vh+zhra+SO3HzGAy8Duv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2908	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2908	7zFM.exe
Token: 35	2908	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\metabuilder.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads