Overview

overview

3

Static

static

My.Stepsis...he.pyo

windows7-x64

3

My.Stepsis...he.pyo

windows10-2004-x64

3

My.Stepsis...os.pyo

windows7-x64

3

My.Stepsis...os.pyo

windows10-2004-x64

3

My.Stepsis...th.pyo

windows7-x64

3

My.Stepsis...th.pyo

windows10-2004-x64

3

My.Stepsis...__.pyo

windows7-x64

3

My.Stepsis...__.pyo

windows10-2004-x64

3

My.Stepsis...at.pyo

windows7-x64

3

My.Stepsis...at.pyo

windows10-2004-x64

3

My.Stepsis...te.pyo

windows7-x64

3

My.Stepsis...te.pyo

windows10-2004-x64

3

My.Stepsis...nt.pyo

windows7-x64

3

My.Stepsis...nt.pyo

windows10-2004-x64

3

My.Stepsis...__.pyo

windows7-x64

3

My.Stepsis...__.pyo

windows10-2004-x64

3

Analysis

  • max time kernel
    89s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My.Stepsis.is.a.Futanari/My Stepsis is a Futanari/lib/linux-x86_64/lib/python2.7/renpy/__init__.pyo

  • Size

    15KB

  • MD5

    8f69e6b908ea757923888043f5dbe4a9

  • SHA1

    db9189d4ea80f2a0ecc257deb6fbf1c9d0068a1e

  • SHA256

    84c2867306e55c2d039762b1392ed40d5d3aff3afeac24418bc29ba322c1b170

  • SHA512

    eef14270fb3159c67f4ea8d1026ba77a205629ef1d46b0e270563054ecb932e55c2f37db06e6d71b0bb1ce7fc6530951706d1c8184a1856479570bcc24c9fb9e

  • SSDEEP

    192:ICZOLGDjJhOddYeSZecRfYA55vKDkEcv6tMD9unLfywWBF06kvT4KLzIVlCU:IvddhL4gE5Sw/ytMUXWBu6kvT4G2f

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\My.Stepsis.is.a.Futanari\My Stepsis is a Futanari\lib\linux-x86_64\lib\python2.7\renpy\__init__.pyo"
    1⤵
    • Modifies registry class
    PID:1744
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1412

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads