199e2a09b06ddb2f0c3f6316e84450cf2a1ef970c5023a45f2a57fcd73912abe

Submit
Reports

Overview

overview

Static

static

Release.zip

windows7-x64

Release.zip

windows10-2004-x64

Release/Ne...0].exe

windows7-x64

Release/Ne...0].exe

windows10-2004-x64

Release/au...in.dll

windows7-x64

Release/au...in.dll

windows10-2004-x64

Release/lo...ng.dll

windows7-x64

Release/lo...ng.dll

windows10-2004-x64

Release/lo...ng.dll

windows7-x64

Release/lo...ng.dll

windows10-2004-x64

Release/lo...ng.dll

windows7-x64

Release/lo...ng.dll

windows10-2004-x64

Release/lo...er.dll

windows7-x64

Release/lo...er.dll

windows10-2004-x64

Release/lo...-1.dll

windows7-x64

Release/lo...-1.dll

windows10-2004-x64

Release/ru...er.dll

windows7-x64

Release/ru...er.dll

windows10-2004-x64

Release/ru...er.dll

windows7-x64

Release/ru...er.dll

windows10-2004-x64

Release/ru...er.dll

windows7-x64

Release/ru...er.dll

windows10-2004-x64

Release/sc...Env.js

windows7-x64

Release/sc...Env.js

windows10-2004-x64

Release/wo...re.dll

windows7-x64

Release/wo...re.dll

windows10-2004-x64

Release/wo...pet.js

windows7-x64

Release/wo...pet.js

windows10-2004-x64

Analysis

max time kernel
94s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 03:10

Sharing

Copy URL

Twitter E-mail

Static task

static1

cryptone packer

2 signatures

Behavioral task

behavioral1

Sample

Release.zip

Resource

win7-20241010-en

lumma discovery stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Release.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Release/NewIn [v1.1.0].exe

Resource

win7-20241010-en

lumma discovery stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

Release/NewIn [v1.1.0].exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

Release/autoexec/bin.dll

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Release/autoexec/bin.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

Release/locales/resources/app.asar.unpacked/node_modules/btime/binding.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

Release/locales/resources/app.asar.unpacked/node_modules/btime/binding.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Release/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.dll

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

Release/locales/resources/app.asar.unpacked/node_modules/get-fonts/binding.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Release/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

Release/locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Release/locales/resources/vk_swiftshader.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

Release/locales/resources/vk_swiftshader.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Release/locales/resources/vulkan-1.dll

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

Release/locales/resources/vulkan-1.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Release/runtimes/win-arm64/native/WebView2Loader.dll

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Release/runtimes/win-arm64/native/WebView2Loader.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Release/runtimes/win-x64/native/WebView2Loader.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Release/runtimes/win-x64/native/WebView2Loader.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Release/runtimes/win-x86/native/WebView2Loader.dll

Resource

win7-20241010-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

Release/runtimes/win-x86/native/WebView2Loader.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral23

Sample

Release/scripts/UNCCheckEnv.js

Resource

win7-20240903-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

Release/scripts/UNCCheckEnv.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

Release/workspace/Xeno.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Release/workspace/Xeno.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Release/workspace/Xeno.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js

Resource

win7-20241023-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

Release/workspace/Xeno.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.57/adblock_snippet.js

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

Release.zip
Size

30.0MB
MD5

7b352f4b215d9505e5e1a898990c8658
SHA1

a4cfc444f659a21582c144c4a99eeda75d1e343b
SHA256

d7fc6e32096855a5f4d545f6359b1e0ce5b8ff3173c83ff1407423b0c6025bb0
SHA512

e859cd4130537d0035f1a2b6265bfe91ec36355216f5851f81c0b6ec266a2dcb8bbc92879494e8b0b963f6bab830fc5ea98a9dbe717a3b38b5731d63948e0aad
SSDEEP

786432:FnTe0UOYgy+hEJpfbIHJ0VJi209uBZOLHEk:FTi8y+hapjQ0VJLBZEEk

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1804	7zFM.exe
Token: 35	1804	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1804	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Release.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1804

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads