Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
15/11/2023, 14:04
General
-
Target
Xvirus-Tools-1.7.0/util/options/token_saver.py
-
Size
3KB
-
MD5
fb2b280091a1a3c988efadb96af49c40
-
SHA1
64d6a610e28f856d6577146960c189424129d501
-
SHA256
92cc387679e9d6ec8e81a8ebe7dae81b8b7e43814f5aa7cde9aa602477b1ed20
-
SHA512
4497999a77f1be6f52b681378872c36219f2e3e6db7c66864438db7425c123325ccf27168e839b54a93cc56830dd8bb35395c486d45bd1702b6879983229126c
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_saver.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_saver.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_saver.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD512946c134d31eba05820c435d5ddb1d8
SHA1ef4ee14a60064dafdf0e4cc3f3ef732a8fc45596
SHA256c1c7ef546325248da048664fa8ef739571a7c0ce94fd9a6297f521a67e79b637
SHA512493627b5aec1d0ff5b1e8c0c39283216d7c1266a4cc417ab152cd25f0540e881d619899cf6bbe582c52ff6ff3d0829bb72886e7d289db0b6bd2cb77611b16b58