Overview

overview

3

Static

static

1

Sorted-Algorithm.py

windows7-x64

3

Sorted-Algorithm.py

windows10-2004-x64

3

Analysis

  • max time kernel
    89s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2023 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sorted-Algorithm.py

  • Size

    1KB

  • MD5

    65d880c7f474720dafb84c1e93c51e11

  • SHA1

    86072d208f6b2f20a890f54fe5acab5ee52f9ec4

  • SHA256

    255392992bf103d218466399d670300453a69f24398b02f316a74826c1f95a82

  • SHA512

    e701046c4b9dcd3718d0dca7d233bf5a9b9c344e86b60c0b2b6f355f6f794e11e716f13cd306befc2f989114bf55b22f3f1da711010b53e0431c217243665878

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Sorted-Algorithm.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Sorted-Algorithm.py
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Sorted-Algorithm.py
        3⤵
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2420
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2684
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Sorted-Algorithm.py
          4⤵
            PID:1196

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c47d7c9d582c80723ca200f0b6c9cc8e

      SHA1

      2167a1f27bd9cab417f2ffbc08e31d3f7f764941

      SHA256

      1819a46b4f8e815ec644f994cdb7ffe8d1b52f1cf76ac5833e08ccab271e1382

      SHA512

      baa0de16aa65e59b0117b3af8345517f1824bc94fca55c7f7efc3e41b5e0e98d67f49bfee728be333f24bdf69f14eac9eb883e7a1c1e3b1df8d55ca50872fc3e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f54701b839e12773de54a51784686237

      SHA1

      b6a26142245e50a5714642d590b4e6df48855223

      SHA256

      9c0d062290a4b8f83d3c9aa26c999d5e8f3ff20becfb72b14b957b63af8ec365

      SHA512

      6eb1d5ed6578f96334ea7455a29d99295cf68c8f746bb33db63895b03638f8dff9f821b10a66f122a6f947eb1e6b3911059cd8a680d154271b2a4202fb048c64

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      928a71a6d6dcf4a9715a264198192544

      SHA1

      0a9d55ee5512c1077ffc62787ea5dc96862f671e

      SHA256

      23328ada02ca9b1da7aa3078c256be9a34000ecb0a7f2f8cd16938b0a3447b5b

      SHA512

      e85863b1c3a72796179112a6d1a93d8d946dc00f48796350c53a0f295594fbcdb5815182a44ba07569da79dff504732f15f1956d395ecc082248c899937371b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cdd7f2496294d98ee5ab51f73df542dd

      SHA1

      031fd385f3b8ab9e354396fc3540b26260b4dfbe

      SHA256

      ffe04f14e2ae4185e9c11fc707b8f80891abd3c18166650c458f2f47e32799e4

      SHA512

      d4f32431b2c5cf68e43acda336241ca926dd0c3610d6ee03fc122eb67c8b4d67603e5f85754fb6d5151980aa40edfb58ef7d22403d01596d032e3778b7148c55

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a5cf1757f1aad6ce6b339499f610d4a1

      SHA1

      21c92506877a95b61a8974eb8684c67cc5eb7f4f

      SHA256

      e719dbcac5790ec19f1a0eed99ca412179a4288a739365245b8642d12687e0df

      SHA512

      8da510e3a0ce57dae2cf8eae980f7cc8f8b8f53dc4f30b57b0247aca11f398135272538b6ca6c2fce4e3e347c5871533657cebcd7ffeb626ca75de424d686c8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f6446ea62db1c66cb7244c5025756ab1

      SHA1

      25541c254442dfa42f26183538885b9ce9137733

      SHA256

      2ec74509542d2f9573051cad5460587ad021e5da41ec355c08573b2aaf1e686e

      SHA512

      97cf807110b03c2ec699be72e7765080288812729ef3727b5e8fee97592cdb65cfb6992536c4d9d005033201acf56efa30192cdda439f87974822cfafb3a0f9e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      390532845411584645ba0212517b0199

      SHA1

      bc0ac0bf092de65bb661ec67e2eb5a66093fcb9f

      SHA256

      81882a411e7537c9afbce2b87059c963c447bd2b5d5363fc0cad8135579df2ef

      SHA512

      dbde3e3a9d2d3e3eb13abbe3476c3f55800bb3d9efe66b20e8ee6a5a967cab3bf2c060ce221cf2f5bad39c553b017816bb0bc785d48563f0482d12f04c9372d0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d4ea90fe57c51a99b03ca283e120da83

      SHA1

      ee3bb21476651e66534a6913c8be4ce0d3277f76

      SHA256

      4a4372c6bdc311917477d9e2818f8c317d6c5cb7ebadca6d03c0a838127dc91a

      SHA512

      50637c5ce260687e10831e46f130605a982d13c8bbb0055bd4219cb0b1449ab002a815c7a667677a70b3e244389d88c1c486046f179601092a0a5c80e33933d7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      829d926c158458bc60e620dc366b77ed

      SHA1

      5be661ab4af992a27ca5ee4875b82059052fe93a

      SHA256

      6711aa1e80a4c9279c2f3ada21737cbc112ed201223078de8753c93f793e6303

      SHA512

      d22e26a4ba1fe24ac2ecca67ebb1a0a6a1c1930eca7b109670017e5baf31fb8b76aec04d903bf01ded0edad9e06301966b6af10d65f2cf3473a612aef09e62b1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab90FB.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar917B.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit