c6004a404cddb4408610b0394b3c133ad1c1bfe5eee08aa5f2836969230612db

Resubmissions

07-01-2025 19:20

250107-x14m5swqdr 1

06-01-2025 20:49

250106-zmb23szjgp 8

06-01-2025 20:34

250106-zcfyaayqbp 10

06-01-2025 20:12

250106-yyyjsawpbs 10

Analysis

max time kernel
8s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resolute 16x.zip
Size

7.6MB
MD5

b9e57b369a3b919d3d2513db78dd29fe
SHA1

a60a15aeae76b01d9b026650ebdb02bd05cb3412
SHA256

c6004a404cddb4408610b0394b3c133ad1c1bfe5eee08aa5f2836969230612db
SHA512

3e19eb776d11dc4d08c606a28733cd7118f464f01ff08ae1612d08aababb6e18087d0351004012cd34c2ec24c5a91b834d9623a880d32d3efc7999810479840b
SSDEEP

196608:zCPskbMDiJmVU0qsmIuAfdJ8ZHnp3/XFOfOgtk6O:zCbki/0qEFetnp3/XF4OZ

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3464	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	3464	7zFM.exe
Token: 35	3464	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3464	7zFM.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2420	MiniSearchHost.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Resolute 16x.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3464

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit