Overview

overview

10

Static

static

5

OC 129075-...D).zip

windows7-x64

1

OC 129075-...D).zip

windows10-2004-x64

1

fd9916fc84...d9.eml

windows7-x64

5

fd9916fc84...d9.eml

windows10-2004-x64

3

OC 129075-JG-3229.rar

windows7-x64

10

OC 129075-JG-3229.rar

windows10-2004-x64

1

OC 129075-JG-3229.exe

windows7-x64

10

OC 129075-JG-3229.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OC 129075-JG-3229.rar

  • Size

    550KB

  • MD5

    92ca133e27d245b891b865b36a8eaacc

  • SHA1

    b945e869e422f972cf23370fec8c9f141a174c7a

  • SHA256

    36fe9874c1c7e5c083ca7780dfe57018f5057ca1989472132a2d877409cb1f78

  • SHA512

    494e7a820fc034a61f15fa7f77035f95a56b9b33fcb17af97b9b2bbddffad181a9492fcaf318284b8912d1f1f1c07be31611ee60864076eebcfadea3696944be

  • SSDEEP

    12288:llOdZ9ZUIZ7vBN/2aS5LuYBlcCUf03KQMIKml77EG:l4dpBOhP0fJ7ml77

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\OC 129075-JG-3229.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads