ae98811164cee18f574647755ec829d1973f508b7a6e378768bf4346ab70604f | Triage

Analysis

max time kernel
423s
max time network
431s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 07:41

Sharing

Report Analysis Logs

General

Target

Release.zip
Size

19.6MB
MD5

ebd33cf936c8b8b726ed30c8d7da7161
SHA1

018781e13fda046407e1d85d5ff64963f24eb5c2
SHA256

ae98811164cee18f574647755ec829d1973f508b7a6e378768bf4346ab70604f
SHA512

fb77ce6f17d26b84ed64b7a88084bb569982b0b6eef609365b0349b62e9d5854ec1f61213f6af6ef3193f98720bc1f09041c7c31fcef46a4ea44b7c517ae447d
SSDEEP

393216:pPf9HYaL7tSMlbpqj0tJCV35rWimatHzyd3V806Nqw4VGT:F+WZxIV3nm2Tyb80ciI

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1032	7zFM.exe
Token: 35	1032	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1032	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads