Overview

overview

3

Static

static

1

zip_bomb_42.zip

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    149s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250207-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    15-02-2025 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zip_bomb_42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\zip_bomb_42.zip
    1⤵
      PID:1656
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
      1⤵
      • System Location Discovery: System Language Discovery
      PID:3100
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe"
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:5704

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads