262d6420018c8000d4f95686b9b6862737b7bd46ca94916c0c23d4ae603a8e5f | Triage

Analysis

max time kernel
93s
max time network
17s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/02/2025, 19:10

Sharing

Report Analysis Logs

General

Target

Pago.rar
Size

649KB
MD5

acb3c83c34db1b5d300a9a00c65e757f
SHA1

a5e69df876fc79288ddf1eec674dcc2e250c713f
SHA256

262d6420018c8000d4f95686b9b6862737b7bd46ca94916c0c23d4ae603a8e5f
SHA512

56af5d0d1522d12e0bbdfb36e55d0c79138a0a632272a40c98e427b5a805ef4ff13e7097425777f2d47d9542e46a3458354ccda5e204f1320193456ddc64014b
SSDEEP

12288:RhYZQBSGaPmixXvShCt13Pc7JOglIXJjAC86hK1mFxeXSZk78RSb56U:jYZQQFZPHnhK1Mx4v7/l

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3064	7zFM.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	3064	7zFM.exe
Token: 35	3064	7zFM.exe
Token: SeSecurityPrivilege	3064	7zFM.exe
Token: 33	2912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2912	AUDIODG.EXE
Token: 33	2912	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2912	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3064	7zFM.exe
3064	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Pago.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3064

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2844

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads