Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
15/11/2023, 14:04
General
-
Target
Xvirus-Tools-1.7.0/util/options/token_server_nicker.py
-
Size
678B
-
MD5
3a5b958fec5481afedb5880366b786c0
-
SHA1
c658217b0bcb165780b5fdefec78ab7dd05feb76
-
SHA256
2aea24b7190067422a60bbe326e8271e272ce3c8b68d7c69961cf4d9d405cb7e
-
SHA512
b729820ceacae291e7d307d4d335fa719c6f5267d55c5706c11c5f9c05c3090027f7c417620af14b3ff3420c2f6bcc3b4a6ed51322c0ef39611c6254140ed203
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_server_nicker.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_server_nicker.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\util\options\token_server_nicker.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56d134a84dfcc13fc6a6a4be69171ac68
SHA1e5c60092e3f2e95d603769444f5fd43605d771cc
SHA2561bfe43e0639a9bd369827807f058259b2e541f342c72dd84fe1fa6b34d650559
SHA512aba4df7f2ad5f86c0abe07e8d580e9c9415a2ee8df34e283cefce5658a25dc4b880e298b3056222cc92088c121990af57b4bca2ff8946e70dc09e6c28d9ad40a