a0e68504a3071c3ac68c3488e163c948977fccb4b9a477658188ca2f9e668361 | Triage

Analysis

max time kernel
11s
max time network
19s
platform
windows7_x64
resource
win7-20241010-de
resource tags

arch:x64arch:x86image:win7-20241010-delocale:de-deos:windows7-x64systemwindows
submitted
31-12-2024 20:59

Sharing

Reason

Machine shutdown

Report Analysis Logs

General

Target

[1.1.0]-Aрр-UNC-x64.zip
Size

24.6MB
MD5

14a8c2f7c0529f3cbee686b21004173b
SHA1

b95b447897b4be9b53c55220ad69cde184b3fa71
SHA256

a0e68504a3071c3ac68c3488e163c948977fccb4b9a477658188ca2f9e668361
SHA512

37fac6c8b9004385d98ce515f8d29fcc9615fdfe94408bee83f205fd68953231457fdc9e0f246bd343aba54599afe9bdb2b91d5351b6c2399aa8a61608940665
SSDEEP

786432:oQGJGrSgwP4FeSsW10/whM4BH4ksOQkW71BtN:oQS4nsRIht8Ohs7tN

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2784	7zFM.exe
Token: 35	2784	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\[1.1.0]-Aрр-UNC-x64.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2784

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2948

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads