Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
27-07-2023 00:17
General
-
Target
logz.pyc
-
Size
43KB
-
MD5
e8404b29b4fa30815c7588269eba266e
-
SHA1
38a2bcd9687e1d8585d1d80220f1dc02502131ce
-
SHA256
f82ca3bffe904933b523c3a2e42866e66847e1636a22ecc12de839a20dfa982a
-
SHA512
72456fe0714beaf61f8f2f42c0fe509cef16b03b4cb81719c30f7e766d5312510ca9594e2b3984642f64b62a5b24d59f593e0baec5cf79375ab6c942fdb155e6
-
SSDEEP
768:moP7h/z2Q4JESUP/8L541CnVWhc6ceJ+wu0wkWtiPucunDLkgMQFkgLdXNzINMU:ms7h/z2oF8VSCV0cL6Ru07WQfunnRug0
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\logz.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\logz.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\logz.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD58328eab201c7e4d911ecb48ec35da1a0
SHA101d6205729fa124fff2b1712ce0dc5337bc3d9c5
SHA256956287be77a74dc477ceaf48858a11e77456d730bcd3b592b956742da0ad0fe4
SHA5122a4eb1731e9736e603fd3e77b7310b92c46d8f7a4eeaab7a98d0505407bf1403ebb9fc82e3c7bbb9e9cf6cdf8731afc434f0442c86e73247bc946189c4a6c7be