Overview

overview

10

Static

static

7

6f740ba69a...ae.apk

android-9-x86

10

6f740ba69a...ae.apk

android-10-x64

10

6f740ba69a...ae.apk

android-11-x64

10

license-ru.html

windows7-x64

1

license-ru.html

windows10-2004-x64

1

license.html

windows7-x64

1

license.html

windows10-2004-x64

1

UserDict.pyc

windows7-x64

3

UserDict.pyc

windows10-2004-x64

5

_abcoll.pyc

windows7-x64

3

_abcoll.pyc

windows10-2004-x64

3

_sysconfigdata.pyc

windows7-x64

3

_sysconfigdata.pyc

windows10-2004-x64

3

_weakrefset.pyc

windows7-x64

3

_weakrefset.pyc

windows10-2004-x64

3

abc.pyc

windows7-x64

3

abc.pyc

windows10-2004-x64

3

copy_reg.pyc

windows7-x64

3

copy_reg.pyc

windows10-2004-x64

3

genericpath.pyc

windows7-x64

3

genericpath.pyc

windows10-2004-x64

3

linecache.pyc

windows7-x64

3

linecache.pyc

windows10-2004-x64

3

os.pyc

windows7-x64

3

os.pyc

windows10-2004-x64

3

posixpath.pyc

windows7-x64

3

posixpath.pyc

windows10-2004-x64

3

re.pyc

windows7-x64

3

re.pyc

windows10-2004-x64

3

site.pyc

windows7-x64

3

site.pyc

windows10-2004-x64

3

sre_compile.pyc

windows7-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    genericpath.pyc

  • Size

    3KB

  • MD5

    9218a22bb71073ba455b83f245af3893

  • SHA1

    04f6e152e228035575ac3a8ce950595d5f96e0f4

  • SHA256

    89a30b8bcf984d0d5538e086c2e5e76f9683d0d87c711a8fb4389331d4342807

  • SHA512

    2518d77e3d37621875768e42818c1051629fbbd0be1f213881843695f910c054dbf1cd040c855fec361f68308aa057d10a8e7efc3ac56d3664e4e812695f9e81

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\genericpath.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\genericpath.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\genericpath.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ba25e7b96e87d971c2e06cc62ff6508d

    SHA1

    863426d088691685b6106b6de019b9998e6c2635

    SHA256

    dbab5a4c3ac671f254a9167d04a83dd0d290467a318187935da235dd27356cb2

    SHA512

    739862be77bca6049bff47958a06a70a9e3b50f6745987148780fe34e51a1f09b085af89c3f23f1fc21a1077bbea186d241645d0bd79bc65d462849ce9938474

    Download Submit