Analysis
-
max time kernel
151s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
21/11/2023, 10:00
General
-
Target
CodeTest-main/EXP/ApacheTomcat.py
-
Size
10KB
-
MD5
1d79bb563228ae379e6438b7d2454848
-
SHA1
7a5550a78bcbe70c077882dd46d0dd7d5f4aa0a5
-
SHA256
a9a5d6f0e4b3ee38aa3733dc64dd2e1e54134a805a992d06149292e67a23eb7f
-
SHA512
9fbd81b3e64197370572c62d2b0e082e8b5872af2ecb798daeaeef848e537988eb6dce736dd3493666eaa5e346a78771cd7e8b1278bf09d7d6fc11d2fcf631f6
-
SSDEEP
192:cXOkWzhavT7aaTiAoPjwwa4qeBj05D+Of+vFwuV8X6FudNfz:cOT1avnaaTdo7vaWI5D+nM6FC7
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CodeTest-main\EXP\ApacheTomcat.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CodeTest-main\EXP\ApacheTomcat.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CodeTest-main\EXP\ApacheTomcat.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5c6e7730f9221cd850de5dc0323166a09
SHA1355d720189a5b760d00e7c9461d6503fddbb158a
SHA256125102ec913af4e0e40e2aeac6af2356aaf29146007e6c51820d2dc8fd087495
SHA5121b60931f1298b5941fc31ef6f6a75612af0d2cf2536feb49cf890efc86bb0b5944533a1f09a38e634f87b2a38442a139cb586c6b7db6cd56c0fb2ec329b6464e