81053453319c898a7e808c8d02ac82df57d582a69e7d0a6b71bc0ca3702cf1c7

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Patch.exe
Size

7.8MB
MD5

3a850db4850dd41e9525ac90d8a8b747
SHA1

2334e46413dddb83b67c4f876e0cb273b8ec061b
SHA256

81053453319c898a7e808c8d02ac82df57d582a69e7d0a6b71bc0ca3702cf1c7
SHA512

2504a7f4f56be35a4561e116738415d5819091d86143ef5da42f62b712a338c4b63799a8fdbbc21f7b68a67f78c47531b032e801493b11c9f0b381d486568f47
SSDEEP

196608:ThYJw5gF/9+zgr0ol1xaw6oXsBcvvxNR0ZCRQzKVBnKEb+RFLTA:T6J7/9+zgrD51qCRQOPgFL8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	7z2201.exe

Loads dropped DLL 1 IoCs

pid	Process
3060	7z2201.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
1792	tasklist.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\el.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fr.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ko.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mk.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mng2.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\nb.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ug.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\uz.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\gl.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sl.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ta.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\uz.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\vi.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\7z.dll	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Uninstall.exe	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7-zip.chm	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7z.dll	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ast.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ga.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\hu.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\hy.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\io.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\va.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\7z.exe	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ba.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\en.ttt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fa.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\hr.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ka.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\kab.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mn.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sv.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fur.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mng.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\uk.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Uninstall.exe	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\id.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\io.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ky.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\cs.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\cy.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sw.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sw.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ku.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mk.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mr.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\7z.sfx	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7zFM.exe	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7zG.exe	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\br.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\da.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\et.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fi.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ku.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sa.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ta.txt	7z2201.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\az.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2201.exe
File created	C:\Program Files (x86)\7-Zip\Lang\he.txt	7z2201.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2201.exe

Modifies registry class 15 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll"	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2201.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2201.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2201.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
3060	7z2201.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2068	WMIC.exe
Token: SeSecurityPrivilege	2068	WMIC.exe
Token: SeTakeOwnershipPrivilege	2068	WMIC.exe
Token: SeLoadDriverPrivilege	2068	WMIC.exe
Token: SeSystemProfilePrivilege	2068	WMIC.exe
Token: SeSystemtimePrivilege	2068	WMIC.exe
Token: SeProfSingleProcessPrivilege	2068	WMIC.exe
Token: SeIncBasePriorityPrivilege	2068	WMIC.exe
Token: SeCreatePagefilePrivilege	2068	WMIC.exe
Token: SeBackupPrivilege	2068	WMIC.exe
Token: SeRestorePrivilege	2068	WMIC.exe
Token: SeShutdownPrivilege	2068	WMIC.exe
Token: SeDebugPrivilege	2068	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2068	WMIC.exe
Token: SeRemoteShutdownPrivilege	2068	WMIC.exe
Token: SeUndockPrivilege	2068	WMIC.exe
Token: SeManageVolumePrivilege	2068	WMIC.exe
Token: 33	2068	WMIC.exe
Token: 34	2068	WMIC.exe
Token: 35	2068	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2068	WMIC.exe
Token: SeSecurityPrivilege	2068	WMIC.exe
Token: SeTakeOwnershipPrivilege	2068	WMIC.exe
Token: SeLoadDriverPrivilege	2068	WMIC.exe
Token: SeSystemProfilePrivilege	2068	WMIC.exe
Token: SeSystemtimePrivilege	2068	WMIC.exe
Token: SeProfSingleProcessPrivilege	2068	WMIC.exe
Token: SeIncBasePriorityPrivilege	2068	WMIC.exe
Token: SeCreatePagefilePrivilege	2068	WMIC.exe
Token: SeBackupPrivilege	2068	WMIC.exe
Token: SeRestorePrivilege	2068	WMIC.exe
Token: SeShutdownPrivilege	2068	WMIC.exe
Token: SeDebugPrivilege	2068	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2068	WMIC.exe
Token: SeRemoteShutdownPrivilege	2068	WMIC.exe
Token: SeUndockPrivilege	2068	WMIC.exe
Token: SeManageVolumePrivilege	2068	WMIC.exe
Token: 33	2068	WMIC.exe
Token: 34	2068	WMIC.exe
Token: 35	2068	WMIC.exe
Token: SeDebugPrivilege	1792	tasklist.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2348	1696	Patch.exe	30
PID 1696 wrote to memory of 2348	1696	Patch.exe	30
PID 1696 wrote to memory of 2348	1696	Patch.exe	30
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 3060	2348	cmd.exe	32
PID 2348 wrote to memory of 308	2348	cmd.exe	33
PID 2348 wrote to memory of 308	2348	cmd.exe	33
PID 2348 wrote to memory of 308	2348	cmd.exe	33
PID 2348 wrote to memory of 1956	2348	cmd.exe	34
PID 2348 wrote to memory of 1956	2348	cmd.exe	34
PID 2348 wrote to memory of 1956	2348	cmd.exe	34
PID 2348 wrote to memory of 684	2348	cmd.exe	35
PID 2348 wrote to memory of 684	2348	cmd.exe	35
PID 2348 wrote to memory of 684	2348	cmd.exe	35
PID 684 wrote to memory of 2068	684	cmd.exe	36
PID 684 wrote to memory of 2068	684	cmd.exe	36
PID 684 wrote to memory of 2068	684	cmd.exe	36
PID 2348 wrote to memory of 836	2348	cmd.exe	38
PID 2348 wrote to memory of 836	2348	cmd.exe	38
PID 2348 wrote to memory of 836	2348	cmd.exe	38
PID 836 wrote to memory of 1792	836	cmd.exe	39
PID 836 wrote to memory of 1792	836	cmd.exe	39
PID 836 wrote to memory of 1792	836	cmd.exe	39
PID 2348 wrote to memory of 636	2348	cmd.exe	40
PID 2348 wrote to memory of 636	2348	cmd.exe	40
PID 2348 wrote to memory of 636	2348	cmd.exe	40
PID 2348 wrote to memory of 2448	2348	cmd.exe	41
PID 2348 wrote to memory of 2448	2348	cmd.exe	41
PID 2348 wrote to memory of 2448	2348	cmd.exe	41
PID 2348 wrote to memory of 2256	2348	cmd.exe	42
PID 2348 wrote to memory of 2256	2348	cmd.exe	42
PID 2348 wrote to memory of 2256	2348	cmd.exe	42
PID 2256 wrote to memory of 2344	2256	cmd.exe	43
PID 2256 wrote to memory of 2344	2256	cmd.exe	43
PID 2256 wrote to memory of 2344	2256	cmd.exe	43
PID 2348 wrote to memory of 2816	2348	cmd.exe	44
PID 2348 wrote to memory of 2816	2348	cmd.exe	44
PID 2348 wrote to memory of 2816	2348	cmd.exe	44
PID 2816 wrote to memory of 2428	2816	cmd.exe	45
PID 2816 wrote to memory of 2428	2816	cmd.exe	45
PID 2816 wrote to memory of 2428	2816	cmd.exe	45

C:\Users\Admin\AppData\Local\Temp\Patch.exe
"C:\Users\Admin\AppData\Local\Temp\Patch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\system32\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\07KO7HB7.bat" "C:\Users\Admin\AppData\Local\Temp\Patch.exe""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\7z2201.exe
    "C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\7z2201.exe" /S
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:3060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo ------ Program successfully licensed! ------ "
    3⤵
    PID:308
- - C:\Windows\system32\msg.exe
    msg *
    3⤵
    PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic path win32_LocalTime Get Day,Month,Year /value
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_LocalTime Get Day,Month,Year /value
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Windows\system32\tasklist.exe
      tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1792
- - C:\Windows\system32\reg.exe
    reg query "HKLM\SOFTWARE\Microsoft\Alu" /s /reg:32
    3⤵
    PID:636
- - C:\Windows\system32\reg.exe
    reg Add "HKLM\SOFTWARE\Microsoft\Alu" /f /reg:32
    3⤵
    PID:2448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"
      4⤵
      PID:2344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"
      4⤵
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\07KO7HB7.bat

Filesize
52KB

MD5
4e24355b61c72abed57ce9087ad75459

SHA1
ad2a70eaa999c60862e7d89ba4639a81b099b7c1

SHA256
f8f2a66e410a04d1d810074290378c232a4b2b11e5bbe1d868576c80318bfab7

SHA512
d8e7b740569ce87da37da3ac0822fcba9af6437bc8d20f883f96c9fc0ee00d53ed4e27ae44224b93efec27101ede50effb140015aa3266ccae8f513de703c194

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\7z2201.exe

Filesize
1.2MB

MD5
734e95cdbe04f53fe7c28eeaaaad7327

SHA1
e49a4d750f83bc81d79f1c4c3f3648a817c7d3da

SHA256
8c8fbcf80f0484b48a07bd20e512b103969992dbf81b6588832b08205e3a1b43

SHA512
16b02001c35248f18095ba341b08523db327d7aa93a55bcee95aebb22235a71eae21a5a8d19019b10cac3e7764a59d78cf730110bae80acc2ff249bbc7861ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\cnf

Filesize
52B

MD5
8ef9e3800f3da4fe9ac22699b457e95b

SHA1
4f66d2f0f8c5c95b3b728a1a5e6deac269afcada

SHA256
1340e725f1e3c0ccdcb8fa5da3ab958d43731f6d5e158355f165490894922f32

SHA512
0a145f96034d1f277175840d3b080c2d934360c2a8258bbbda605c31f0dcb8fb81eb7800c034b0c8f4bd09c74102a73ecf5345d38b8bb24fddb86d526370d9eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\jb.7z

Filesize
67KB

MD5
3056453b2ea9a7987180a0f7c6e0601d

SHA1
069178ea6b242cd326a2ca2b983816c412ea9307

SHA256
b572e1b4af12863e3444049875bc5fdfcf5b126f29938d4d1a46d3a473554c49

SHA512
8f86ec1ac4f6190c057816914648a448531f402a7b91dc956ec975a951bc95e52f3228984a5d3b1f609924f40fabe8d8f55f4ecf58db44f0ef94f42e95b0b425

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\jbk.7z

Filesize
7KB

MD5
e4e67d6f10c69cb29c4815a2ecda209f

SHA1
92eef38f4e992bc00df9d15ad13b244e8c0c407e

SHA256
52b7e3123089a575490bbd81342a10ad6aba22fc54c2a7d5e6d1fc421e99f60d

SHA512
92f08578a0998370f974ee90925f4f943eb7c039cf4d9ee7c9474a52ee9b1deebd3a8c792de1228f667b0b0cb13871dcfe19a81fa227e60d6efff788330a2d54

Download Submit
C:\Users\Admin\AppData\Local\Temp\qbF76B4ED.49\jjbb2.7z

Filesize
6.0MB

MD5
bcc8b5100b2c372c551f30bb6191ffaf

SHA1
5c98293d8b9eca244f499c0043824d8744adc209

SHA256
a590e1f8af79ff6285e2a278789fb8904034e5076b30b2a02f944851fce0a33c

SHA512
52b0dde7ef601af320dc8980e4a98a0edae1fed7a38113d7168dc347d8e3e1e2c0101c68e7408f12fc03471c1d53c9d0a203d83522fa5ed8ece0e517c8ff5009

Download Submit
\Program Files (x86)\7-Zip\7zFM.exe

Filesize
574KB

MD5
bbb2667d9b2fd922e52883a63e8cd948

SHA1
d4238ac5e2eb3ec7236e5e098ee3b31d26efebee

SHA256
69392e292a0e7195e0c96bbbfe989949d044b63dbce2e5324f1bb99aa2560e3f

SHA512
2f801ae372ca3fc4cd858b6d1783977c8357e5616f45311ffff70b3eee20490f2c6e34a12139a6c0b9faaaf6e59985fabc1cae22510e6b632bae425a58793681

Download Submit
memory/1696-252-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2348-22-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads