435cef541072c4e67643602b1c93277efaa122246c10f9e1a6d7fadcdedca947

Resubmissions

12/01/2025, 01:21

max time kernel
150s
max time network
21s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/01/2025, 01:21

Target

Packburpsuite21.rar
Size

208.8MB
MD5

7d21c6d05d4cd5deb4e8f0123804a833
SHA1

94d309b8c65cdf88c52d9e6bd3c0085cee33f16d
SHA256

435cef541072c4e67643602b1c93277efaa122246c10f9e1a6d7fadcdedca947
SHA512

5ede8e6bc4d41665620c4824ed1a1c3bdb3127450fa5dea1406a82b7ceb8cb18f5e9081d9ad792e66df912096b54ca0f7f000b4924a1743566285940b46aef5b
SSDEEP

6291456:wfDlqvXnRovMwPG3JAZqKdy/z/PhJlTz6:wfxqpoTPG3JFKdozBJtz6

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2132	burpsuite2.1.EXE

Loads dropped DLL 1 IoCs

pid	Process
2268	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2268	7zFM.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2268	7zFM.exe
2268	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2132	2268	7zFM.exe	29
PID 2268 wrote to memory of 2132	2268	7zFM.exe	29
PID 2268 wrote to memory of 2132	2268	7zFM.exe	29

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Packburpsuite21.rar"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\7zOCD8BDE6A\burpsuite2.1.EXE
  "C:\Users\Admin\AppData\Local\Temp\7zOCD8BDE6A\burpsuite2.1.EXE"
  2⤵
  - Executes dropped EXE
  PID:2132