Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-12-2024 21:12

General

  • Target

    1.rar

  • Size

    52.2MB

  • MD5

    59f794fea5bfd53feb55c754cf2b1a52

  • SHA1

    2878304c317d05daff6f30de640ab64742b2dd77

  • SHA256

    0c4b7a3670f4ef5f7ba2d7e820cb3df837a72c08a4d039768b50617c06983308

  • SHA512

    2b48c5160a7d2ec0c67c1ed119e666a8a509f64b43f94835a77041e58d025dfcc0df7a969d2cf83c9a1453fd9e5f0f4fadaf7975c4e1255b89f866fac785fc6b

  • SSDEEP

    786432:SRbg1VYxvtPUpHOL7Of0Ub+yoAoxGfMvJLniIroQtC311gqkYdGYD0AWWQQHp22C:SBTdL6f0UbnoA+LzZgqxQHQQs2pemJC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (8 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (3 IoCs)

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\1.rar"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1484
  • C:\Users\Admin\Desktop\New folder\0oj3.exe
    "C:\Users\Admin\Desktop\New folder\0oj3.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    PID:2676

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\Desktop\New folder\0oj3.exe

    Filesize

    37.0MB

  • \Users\Admin\Desktop\New folder\onnxruntime.dll

    Filesize

    11.0MB
