Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
19-09-2023 07:42
General
-
Target
ftpcrack.pyc
-
Size
31KB
-
MD5
cdfaeec3b576ee1e801ed0d7981729e9
-
SHA1
d7e34e25732b9e9cf422c5921148e09911c206ec
-
SHA256
153999f48813eed1190adfb2ddf51b73a457ea92563bd54d87aee6220f148cbc
-
SHA512
250b687d2a263bf5c2defa9d57949a0dcf7c8c685836bd064bdb27ef2382b1ed570c7184588d7349b42f89616f2be4631dcca0778772dc23b149036d5bd122ec
-
SSDEEP
768:vJu4RMyRk49Ov7Q0iqhtzZlryou6KGxgP7flAoMT5Kzc5e9DPe7:vJu49Rjg7FiqnZlryoXhuP7lAFlKQeVC
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD50482fa5917c129b4b1e195eb3352248c
SHA17ef68e226a7876a848028501ac3e335392b7b8e3
SHA25617337154c2dba416c3469d2af79fff6fdd2d56e6d40b059a0df812bace20ec19
SHA512e399dc5746fa506d36d54d3de00a4f11615177922e6e79d07e56305ab7cb5bdecca01717fa9e3481b5b0c87409bc8a0d92abded6b280cf3178272b9b5419f056