Overview

overview

3

Static

static

1

dildo rat=...at.bat

windows7-x64

1

dildo rat=...at.bat

windows10-2004-x64

1

dildo rat=...um.bat

windows7-x64

1

dildo rat=...um.bat

windows10-2004-x64

1

dildo rat=...ain.py

windows7-x64

3

dildo rat=...ain.py

windows10-2004-x64

3

Resubmissions

23/11/2023, 14:37

231123-rzepqsac94 3

23/11/2023, 14:23

231123-rqbaysac63 8

Analysis

  • max time kernel
    123s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2023, 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dildo rat=jpg dönüştürücü/main.py

  • Size

    11KB

  • MD5

    bd80af0b8b748d5e3c04ce6707fcf419

  • SHA1

    fed9b67696a6c3426a5f31cc49b401882a1d0439

  • SHA256

    b50cc170e868fcab0b67cd6be586119f6e00f7ec35d72c9ef18e643b02337cc6

  • SHA512

    eab74486af542fb34a2cb8efb51cc8aff6cc8906d5b4ef5d2f15476f4498c368e8b4741b2bf56f1ebaa6b0b0b800ef8b45bd527f323d4fc640a29c284c9fc409

  • SSDEEP

    192:VLo1NxipNqpP9w3/ED9QVB0IhzhHZm8Pj8/LBCNt47RYWVBRsMDI/7BRB7/RJ/7N:RaNpP28xIhzh5m8Pj8jBCv47RnVBRI7b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\dildo rat=jpg dönüştürücü\main.py"
    1⤵
    • Modifies registry class
    PID:2884
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads