38bc13ef112b2f17d4d1a80243fac6a521b5d58228984aae0752d79487fa3b66

Submit
Reports

Overview

overview

Static

static

241105-dtx...ed.zip

windows7-x64

241105-dtx...ed.zip

windows10-2004-x64

d91912b4b9...37.rar

windows7-x64

d91912b4b9...37.rar

windows10-2004-x64

08751be484...2d.dll

windows7-x64

08751be484...2d.dll

windows10-2004-x64

0a9f79abd4...51.exe

windows7-x64

0a9f79abd4...51.exe

windows10-2004-x64

0di3x.exe

windows7-x64

0di3x.exe

windows10-2004-x64

201106-9sx...ed.zip

windows7-x64

201106-9sx...ed.zip

windows10-2004-x64

2019-09-02...10.exe

windows7-x64

2019-09-02...10.exe

windows10-2004-x64

2c01b00772...eb.exe

windows7-x64

2c01b00772...eb.exe

windows10-2004-x64

31.exe

windows7-x64

31.exe

windows10-2004-x64

3DMark 11 ...on.exe

windows7-x64

3DMark 11 ...on.exe

windows10-2004-x64

42f9729255...61.exe

windows7-x64

42f9729255...61.exe

windows10-2004-x64

5da0116af4...18.exe

windows7-x64

5da0116af4...18.exe

windows10-2004-x64

6306868794.bin.zip

windows7-x64

6306868794.bin.zip

windows10-2004-x64

69c56d12ed...6b.exe

windows7-x64

69c56d12ed...6b.exe

windows10-2004-x64

905d572f23...50.exe

windows7-x64

905d572f23...50.exe

windows10-2004-x64

948340be97...54.exe

windows7-x64

948340be97...54.exe

windows10-2004-x64

Resubmissions

16-02-2025 01:02

250216-bd8gxstmfr 10

13-02-2025 19:41

250213-yd78gssrap 10

Analysis

max time kernel
838s
max time network
846s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
16-02-2025 01:02

Sharing

Copy URL

Twitter E-mail

Static task

static1

15 signatures

Behavioral task

behavioral1

Sample

241105-dtxrgatbpg_pw_infected.zip

Resource

win7-20240903-en

windows7-x64

0 signatures

900 seconds

Behavioral task

behavioral2

Sample

241105-dtxrgatbpg_pw_infected.zip

Resource

win10v2004-20250211-en

discovery

windows10-2004-x64

3 signatures

900 seconds

Behavioral task

behavioral3

Sample

d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar

Resource

win7-20241023-en

windows7-x64

3 signatures

900 seconds

Behavioral task

behavioral4

Sample

d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar

Resource

win10v2004-20250211-en

adware discovery persistence privilege_escalation stealer

windows10-2004-x64

21 signatures

900 seconds

Behavioral task

behavioral5

Sample

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll

Resource

win7-20250207-en

zloader main 26.02.2020 botnet discovery persistence trojan

windows7-x64

7 signatures

900 seconds

Behavioral task

behavioral6

Sample

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll

Resource

win10v2004-20250207-en

zloader botnet discovery persistence trojan

windows10-2004-x64

9 signatures

900 seconds

Behavioral task

behavioral7

Sample

0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe

Resource

win7-20241010-en

discovery

windows7-x64

4 signatures

900 seconds

Behavioral task

behavioral8

Sample

0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe

Resource

win10v2004-20250211-en

adware discovery persistence privilege_escalation stealer

windows10-2004-x64

20 signatures

900 seconds

Behavioral task

behavioral9

Sample

0di3x.exe

Resource

win7-20240903-en

smokeloader backdoor trojan

windows7-x64

3 signatures

900 seconds

Behavioral task

behavioral10

Sample

0di3x.exe

Resource

win10v2004-20250211-en

smokeloader adware backdoor discovery persistence privilege_escalation stealer trojan

windows10-2004-x64

25 signatures

900 seconds

Behavioral task

behavioral11

Sample

201106-9sxjh7tvxj_pw_infected.zip

Resource

win7-20250207-en

windows7-x64

0 signatures

900 seconds

Behavioral task

behavioral12

Sample

201106-9sxjh7tvxj_pw_infected.zip

Resource

win10v2004-20250211-en

discovery

windows10-2004-x64

3 signatures

900 seconds

Behavioral task

behavioral13

Sample

2019-09-02_22-41-10.exe

Resource

win7-20240729-en

smokeloader backdoor discovery trojan

windows7-x64

6 signatures

900 seconds

Behavioral task

behavioral14

Sample

2019-09-02_22-41-10.exe

Resource

win10v2004-20250211-en

smokeloader backdoor discovery trojan

windows10-2004-x64

9 signatures

900 seconds

Behavioral task

behavioral15

Sample

2c01b007729230c415420ad641ad92eb.exe

Resource

win7-20240903-en

hawkeye collection discovery keylogger persistence spyware stealer trojan

windows7-x64

18 signatures

900 seconds

Behavioral task

behavioral16

Sample

2c01b007729230c415420ad641ad92eb.exe

Resource

win10v2004-20250207-en

hawkeye collection discovery keylogger persistence spyware stealer trojan

windows10-2004-x64

19 signatures

900 seconds

Behavioral task

behavioral17

Sample

31.exe

Resource

win7-20241010-en

agenttesla danabot dharma formbook gozi qakbot raccoon 86920224 spx129 1590734339 i0qi w9z agilenet banker cryptone defense_evasion discovery execution impact keylogger packer persistence ransomware rat rezer0 rm3 spyware stealer trojan

windows7-x64

53 signatures

900 seconds

Behavioral task

behavioral18

Sample

31.exe

Resource

win10v2004-20250207-en

agenttesla danabot dharma formbook gozi raccoon 86920224 app i0qi w9z agilenet banker botnet cryptone defense_evasion discovery execution impact keylogger packer persistence ransomware rat rezer0 rm3 spyware stealer trojan

windows10-2004-x64

53 signatures

900 seconds

Behavioral task

behavioral19

Sample

3DMark 11 Advanced Edition.exe

Resource

win7-20240729-en

discovery

windows7-x64

1 signatures

900 seconds

Behavioral task

behavioral20

Sample

3DMark 11 Advanced Edition.exe

Resource

win10v2004-20250211-en

discovery

windows10-2004-x64

3 signatures

900 seconds

Behavioral task

behavioral21

Sample

42f972925508a82236e8533567487761.exe

Resource

win7-20240903-en

asyncrat babylonrat darkcomet njrat warzonerat null defense_evasion discovery infostealer persistence privilege_escalation rat trojan

windows7-x64

33 signatures

900 seconds

Behavioral task

behavioral22

Sample

42f972925508a82236e8533567487761.exe

Resource

win10v2004-20250211-en

asyncrat babylonrat darkcomet njrat warzonerat 2020nov1 null adware defense_evasion discovery infostealer persistence privilege_escalation rat stealer trojan

windows10-2004-x64

47 signatures

900 seconds

Behavioral task

behavioral23

Sample

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe

Resource

win7-20240903-en

discovery persistence ransomware upx

windows7-x64

9 signatures

900 seconds

Behavioral task

behavioral24

Sample

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe

Resource

win10v2004-20250207-en

discovery persistence ransomware upx

windows10-2004-x64

20 signatures

900 seconds

Behavioral task

behavioral25

Sample

6306868794.bin.zip

Resource

win7-20250207-en

windows7-x64

0 signatures

900 seconds

Behavioral task

behavioral26

Sample

6306868794.bin.zip

Resource

win10v2004-20250207-en

adware discovery persistence privilege_escalation stealer

windows10-2004-x64

20 signatures

900 seconds

Behavioral task

behavioral27

Sample

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe

Resource

win7-20240729-en

hakbit credential_access defense_evasion discovery execution ransomware spyware stealer

windows7-x64

20 signatures

900 seconds

Behavioral task

behavioral28

Sample

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe

Resource

win10v2004-20250211-en

hakbit credential_access defense_evasion discovery execution ransomware spyware stealer

windows10-2004-x64

21 signatures

900 seconds

Behavioral task

behavioral29

Sample

905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe

Resource

win7-20240903-en

revengerat execution stealer trojan

windows7-x64

12 signatures

900 seconds

Behavioral task

behavioral30

Sample

905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe

Resource

win10v2004-20250207-en

revengerat adware discovery execution persistence privilege_escalation stealer trojan

windows10-2004-x64

27 signatures

900 seconds

Behavioral task

behavioral31

Sample

948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe

Resource

win7-20240903-en

revengerat victime persistence stealer trojan

windows7-x64

8 signatures

900 seconds

Behavioral task

behavioral32

Sample

948340be97cc69c2cf8e5c8327ee52a89eeb50095f978696c710ad773a46b654.exe

Resource

win10v2004-20250211-en

revengerat adware discovery persistence privilege_escalation stealer trojan

windows10-2004-x64

25 signatures

900 seconds

Report Analysis Logs

General

Target

d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar
Size

143.9MB
MD5

c572596b2caadbc11672ff12af226635
SHA1

57a176459d3f24cf94810efbb6511abca2e7dce2
SHA256

d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337
SHA512

d112c32cab043308c8707350679af122a3af504386e3f7ee846c72edbc2e2fd2e825023d5bc0e793853a065df159dfd35c8e32e5370b03cdfa59ab7aa05cd5c6
SSDEEP

3145728:mdmtZSmWUMbLPnDwOqs0ykYmO67RUQ0UEsYf2XH:hSmhMbL/N0y4z0UdH

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2520	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2520	7zFM.exe
Token: 35	2520	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2520

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads