Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
11-08-2023 02:42
General
-
Target
ftpcrack.pyc
-
Size
31KB
-
MD5
7dec2a4693aff97a3c69a1bb6ec1fc5e
-
SHA1
bda38c25002ed785261343c7e1e085e2fa01e977
-
SHA256
fbd502647a65b3d2b1d654be47073f375cb67d49cedd516b80516dbd9c4bcc63
-
SHA512
d735d3ddfa942392d6982eb20621e0301bdd62dd1e804d4240c18945f886ad2ea50378cd15ae8fadb9d38b70743ad3f2e2c8e3daa82988595460e18c8a8e60dc
-
SSDEEP
768:m64+MyRk4o7v8Q0xqhtzZlryFu1KGxf6POOUExMTpKUcc9dDObS:m64+Rji8FxqnZlryFQhh6PbUEK9Ks91H
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5c42aebb40cff1aa61b1bcb11bdfde6b1
SHA10ec628caa64a56f532abc938e2dad187569c1803
SHA256c90cf4a604af304b1bfb6af62b71d875eb101e809ef1f96f3cdd97143bca3360
SHA51244f78d824bb738b14e69159385c4bfca417a2dbefd47df69348c1f0e4da8145b07a3444c0bdfabad57374bbfdda1f769b60ca50c8f3162e5a043b661cf0be471