0ff7a5b5bedeac0e43dfc0779ba19d96357871631043d5b9243c24bc743c9029 | Triage

Analysis

max time kernel
93s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-01-2025 15:04

Sharing

Report Analysis Logs

General

Target

Ms Optimizer.rar
Size

7.5MB
MD5

24070930e012ed85eaecbf9cb60b2910
SHA1

abe37ec45c9387538d93f9f3f24ce212e711f204
SHA256

0ff7a5b5bedeac0e43dfc0779ba19d96357871631043d5b9243c24bc743c9029
SHA512

176a59ecf6179de7c38f1c8d3d5a1901c514087c0fa6b06b865b3c72be1cfd9c34f82d0beb727db028e14dfa2d92b687bcacaa1e59be1a8ef4fceaf02681360e
SSDEEP

196608:oyUrYorj3f/9LoEyOULkTS7ys3r3wb3IhGfLjSvx5:of9xDxULkTobuwqWv7

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1244	7zFM.exe
Token: 35	1244	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1244	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads