Overview

overview

10

Static

static

3

48ede0e3a4...dc.zip

windows7-x64

7

48ede0e3a4...dc.zip

windows10-2004-x64

1

contactsUX.dll

windows7-x64

3

contactsUX.dll

windows10-2004-x64

3

msidcrl40.dll

windows7-x64

3

msidcrl40.dll

windows10-2004-x64

3

msn.exe

windows7-x64

10

msn.exe

windows10-2004-x64

10

msncore.dll

windows7-x64

3

msncore.dll

windows10-2004-x64

3

msvcr80.dll

windows7-x64

3

msvcr80.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    261s
  • max time network
    242s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    16-01-2025 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc.zip

  • Size

    4.4MB

  • MD5

    03138e3ecc2df5643bfb9dc41722d6cf

  • SHA1

    d8d52a348adb94ef66a285e976876396dcde0634

  • SHA256

    48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc

  • SHA512

    c53f09588fe9fd7bd5328140f0b235686b36be30fa09a430015fa319c1e3dbb20ab58e84ec4ed7515c39c1168e316d808a744875ac3f375c443786a9b584f6f1

  • SSDEEP

    98304:bRREt9wfqoBlDYLY+vn+yDmRTuoV86pp1nBaa6oEDAuviRP:NRMwyegtDmdpVFJnjMMP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\48ede0e3a4e2b696205f639bb5f826825d83f587c5b86d5b6fea31ef5ae4e1dc.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\7zO0F9301CB\msn.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO0F9301CB\msn.exe"
      2⤵
      • Executes dropped EXE
      PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO0F9301CB\msn.exe
    Filesize

    5.5MB

    MD5

    537915708fe4e81e18e99d5104b353ed

    SHA1

    128ddb7096e5b748c72dc13f55b593d8d20aa3fb

    SHA256

    6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74

    SHA512

    9ceaaf7aa5889be9f5606646403133782d004b9d78ef83d7007dfce67c0f4f688d7931aebc74f1fc30aac2f1dd6281bdadfb52bc3ea46aca33b334adb4067ae2

    Download Submit