d3cbf9defea0f29575828ed5b4484fa1bc1ce9ac2a0a994ccb34ed569ff96829 | Triage

Analysis

max time kernel
130s
max time network
106s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
21/03/2025, 21:47

Sharing

Report Analysis Logs

General

Target

Zimoria.rar
Size

17.3MB
MD5

0096f7923b82522041a34fecce24057b
SHA1

25407f16e5b0df74d594e9af3e7f33681784d376
SHA256

d3cbf9defea0f29575828ed5b4484fa1bc1ce9ac2a0a994ccb34ed569ff96829
SHA512

403a4042363abf09cbb8a4413dcf94079665b3fd90201cdbc297a1f5429befaab0477db644565f5004c5a3988cd75aa7b73443396f70f9ad050db8a0145b8ab1
SSDEEP

393216:qJZVpbjl492zBbcov9raMWJXaUWo6gOKrgwtaWdzwOpg8We/9JzaR:+KoCovJaMW8UWo6bu7HHpG2TE

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	464	7zFM.exe
Token: 35	464	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
464	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Zimoria.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads