Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
14/01/2024, 14:09
General
-
Target
pizdec123123.pyc
-
Size
9KB
-
MD5
6d1f224a4cd96fdf9562663bc0eb623d
-
SHA1
01954ec5043e50c846184373889c13f50731b464
-
SHA256
a8b286e2928c6be6a8bf36850c903a7061255070c3803a4a3a6bb0cffbc1ea75
-
SHA512
f296943a57b7477596d121bb5d3a40135dba8b2aeca6ace31067415e3fbea26473c6e2bc5963b46d2567f493c2fe3c0112f65bfc4c7696045caecfe22d3302cb
-
SSDEEP
192:dYzQ2UzR65cNTme0KBjo5OX4Czzw5UwO0mPbFbZY6dyDh:dkBUF6qNT7Bc5o4Czzw5e/dm
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\pizdec123123.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\pizdec123123.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\pizdec123123.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5dd4d8547c42b8b3872e9e9fa3fe8d62e
SHA13203e232d7e3efc0e13ac3db7c18290a46224fd7
SHA256606d4eaf3ac0cb6aa0d205e7f10e1a0d61e3bf14d3faf05e26c92fedc8f385c2
SHA512ec2e693fafd78cd0eb0794c472330344407dab0f2bbeb0315e258ac90bb1b5dfc5881dca55382397cb64059a217fbe3786fcadaaf289c3187ca7168eb7ad8467