Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/09/2023, 22:01 UTC

General

  • Target

    UserDict.pyc

  • Size

    11KB

  • MD5

    efcbe1f3ba66174c7498b9d02b74c84c

  • SHA1

    dbe94d3516b2b179124dbb7db5fa6241c3e6045c

  • SHA256

    94dd9035bc81842df7e50550da82db7bcf3d2786387c34bca660e0836d67e9b3

  • SHA512

    b3133caccd23b2598a10e38d08b5338426b2bd4488f984841535dd8802054619690b7763e1c38c5a61e9de1f7d15543fb0da6d91672256649022f3aa858d510d

  • SSDEEP

    192:rhktDonbVYqbaighlUFLynIxNaHH28fbKHO0uo9DIKJq70KZEJ4blivYbi5+SH5P:3nbOqbaiAqFLynIxNanBfOO0uoaKJq7G

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\UserDict.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\UserDict.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UserDict.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2504

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d0b264b7d276886c7ef505272c9fccee

    SHA1

    5d3f9ca9ed0974b29dcbff06fbcfa40284cc597b

    SHA256

    d0a8fc57b72f2a58a4ae1e93f0b265c4f71aa7b1a0ee5573e4be722feb59b4d1

    SHA512

    3ed7e22790c24889a8eea24db7b3be0f7ca7525cfc216f9250022c3d985a4f3b7c5c8fae6ee0b96b06c1a1ddae8161300f32ae591841b1b16b82c6df7d40ebd8