Analysis
-
max time kernel
117s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06/03/2025, 17:22
General
-
Target
REPO-SteamRIP.com.rar
-
Size
410.8MB
-
MD5
8f37d082af95556e9de90ffad55e80ca
-
SHA1
49b4e1fd505b1c6d1188495487ce07bc51a26abf
-
SHA256
e36962c7613c7cec9e09e4e20d044d59f48fd5b7f969bdc0251703f2dd0998bd
-
SHA512
07410a2819c6778ae288c1f8678cf77c6bcd5060a7ee5614ba420bf2192e410d669a1ec11b740304fa22959810c52aecf952fc718a25bc71d66e26153cfd5639
-
SSDEEP
12582912:unSnXWmXdshrHNaN6Gxh8ocYQtixfiYY8h2a:unSnXTtshb48Ch8oimfiYIa
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\REPO-SteamRIP.com.rar"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zO423021F6\REPO.exe"C:\Users\Admin\AppData\Local\Temp\7zO423021F6\REPO.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
651KB
MD537e2e7e012343ccef500133286fcbf27
SHA14b7e66039d04b14ddcfb580a6e6a395ea52222be
SHA2561643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302
SHA512418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e