Resubmissions
22-12-2023 09:04  231222-k1vc9agbf3  (score 3)
22-12-2023 09:02  231222-kzksesebdq  (score 3)
22-12-2023 08:57  231222-kwmgvaeaen  (score 7)
Analysis
- max time kernel: 449s
- max time network: 451s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-12-2023 09:04
Behavioral task behavioral1
- Sample: test-yUGEp.pyc
- Resource: win7-20231129-en (windows7-x64)
- 2 signatures, 150 seconds
Behavioral task behavioral2
- Sample: test-yUGEp.pyc
- Resource: win10v2004-20231215-en (windows10-2004-x64)
- 4 signatures, 150 seconds
General
- Target: test-yUGEp.pyc
- Size: 74KB
- MD5: 63bcf387b9281fe4ab5af557f33fc41c
- SHA1: fb8b40342ce244199123625aedf7df76ad23488c
- SHA256: 032d9585febd6b3eb89aad1f088abe52493938812179a72dcff08e13526f614a
- SHA512: cb4a474a469f947b65858b00b450172f40c1279d73e698415e2c401c02d14caa691074cb9dad69868bbcef7330e61c47d281c4de0996d0fadc30ac8f54d467e5
- SSDEEP: 1536:FKwZq1Wa/hYx/Ys/A/ki5wD66lbcaMrW5N0G:FbZkWa/WdCsi5ku69
- Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings; process: cmd.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings; process: OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 4608; process: OpenWith.exe
- Suspicious use of SetWindowsHookEx (64 IoCs)
  pid: 4608; process: OpenWith.exe (64 identical entries)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\test-yUGEp.pyc
  PID: 2876
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4608
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx