c4ef59b78f973b8e7b6ea4a38fcb47b6fb89f313655561a45a8e902bc35916c6

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 21:23

Target

V1.56.zip
Size

37.0MB
MD5

8d5342e25d8d524b9e90b0f9d969fa10
SHA1

068610998e8c9c9f8d891726612e9c182ccac552
SHA256

c4ef59b78f973b8e7b6ea4a38fcb47b6fb89f313655561a45a8e902bc35916c6
SHA512

24542b6d084b3c5ec1e03b4c7c91d5b14712b5157a20a5348f1bab4c8fec15cbc89ecbc6079baf617488236d9356bacb079d9329138dda9b92a6302d1353e3b8
SSDEEP

786432:3OIDCHF6vramPmGgnIs0Q8UKfLD87hwzkBnQo1YQw/:+Ymku3vIs07UK387KzCQorw/

Score

7^/10

Executes dropped EXE 3 IoCs

Loads dropped DLL 6 IoCs

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3016	7zFM.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Suspicious use of FindShellTrayWindow 5 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2180	3016	7zFM.exe	30
PID 3016 wrote to memory of 2180	3016	7zFM.exe	30
PID 3016 wrote to memory of 2180	3016	7zFM.exe	30
PID 3016 wrote to memory of 2748	3016	7zFM.exe	32
PID 3016 wrote to memory of 2748	3016	7zFM.exe	32
PID 3016 wrote to memory of 2748	3016	7zFM.exe	32
PID 3016 wrote to memory of 2716	3016	7zFM.exe	33
PID 3016 wrote to memory of 2716	3016	7zFM.exe	33
PID 3016 wrote to memory of 2716	3016	7zFM.exe	33

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\V1.56.zip"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\7zO8CB0B5E6\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8CB0B5E6\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\7zO8CB905F6\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8CB905F6\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Users\Admin\AppData\Local\Temp\7zO8CBF8D27\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8CBF8D27\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2716