Analysis
-
max time kernel
33s -
max time network
44s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
05/03/2025, 21:09
General
-
Target
REPO-SteamRIP.com.rar
-
Size
410.9MB
-
MD5
f8fabd4b722570eac5bb9d5b982aee22
-
SHA1
cf543e7a789e22962fb8974b2c3249c01938e4b4
-
SHA256
4043ddf542d7ac9a682a35076ccdd14108244af6c051ffe341b451a104194fd2
-
SHA512
c78c80fd75d36a6157045834effcc403a607c0f34142a8ba69e4de520c93f800a6450478b148e7f2a7050c339dd59bd5e78704c27108dd62508f93e940c8277a
-
SSDEEP
12582912:HnS2UmihshrHNkdaGxh8ocYbtixfiYYoh2Dw:HnS2FgshbWMCh8oRmfiYIDw
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\REPO-SteamRIP.com.rar"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO088CC7F7\REPO.exe"C:\Users\Admin\AppData\Local\Temp\7zO088CC7F7\REPO.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
651KB
MD537e2e7e012343ccef500133286fcbf27
SHA14b7e66039d04b14ddcfb580a6e6a395ea52222be
SHA2561643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302
SHA512418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e