5d112a86cfba7fc6a1a176b08fb203eb98d103ba95f9edf6adb72c70558f0c96 | Triage

Analysis

max time kernel
63s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26/03/2025, 14:42

Sharing

Report Analysis Logs

General

Target

Binaries.rar
Size

1019KB
MD5

9f0a1e5448e276fd9a1868b08261b258
SHA1

bd0e596a0dacba429edc5d06ca23df7a6136682e
SHA256

5d112a86cfba7fc6a1a176b08fb203eb98d103ba95f9edf6adb72c70558f0c96
SHA512

3a81021e2bff42b1e861d791c9f9089853b5d8e44a8b12aa3f2018a6eba55ee3de3f744c75e2021f6570f7712b1dc1589ff1aa52a4804f02f2111dc3de0a2d52
SSDEEP

24576:uc7mwB4VdnJuGYlLS1GmezoXZUnfG4vLjcl7FpOR5wG24q+h:cU4TeVqaoXO+4vv+fORR24q2

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1172	7zFM.exe
Token: 35	1172	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1172	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Binaries.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads