Analysis
-
max time kernel
153s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
15-11-2023 14:04
General
-
Target
Xvirus-Tools-1.7.0/util/options/token_leaver.py
-
Size
646B
-
MD5
6a02f7f772967b2c09830486ccb4f271
-
SHA1
cf008cde342db79b6cb930892c28d1884eed38f7
-
SHA256
8fa94244eafc5ff342c881a9479dec1b9dffe930617668a72a1e5b2776fb2cea
-
SHA512
12f0688ab11c6b4b8051c7a258cd41b3182002e886185f1d9faaedf9a6280b70ed142cc14899606d6ac8e5cab4ebf2aa898aab903bfd0c1243f734479fb32839
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_leaver.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_leaver.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_leaver.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5aa8a254f2e2e2f314eef217065e63560
SHA13cfb63572d2af6d6d43d50e8e7dee905a1b3ffbf
SHA256c53bb5f4df625c3d64ac8490495471671a55eb48f6583a8dece7ebab3fe0ce47
SHA512663dff35ea4239f6c6f122a30541f256b5e9b95558f35aebc44632ef2af4cb3a4b62fc8eefa1ea937da262615350a9e767dd48b74626cc5a41004d638043cc9c