Analysis
-
max time kernel
539s -
max time network
1173s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02-02-2024 00:15
Behavioral task
behavioral1
Sample
creal.pyc
Resource
win7-20231129-en
4 signatures
1800 seconds
Behavioral task
behavioral2
Sample
creal.pyc
Resource
win10v2004-20231215-en
3 signatures
1800 seconds
General
-
Target
creal.pyc
-
Size
60KB
-
MD5
5d3d31f8c9de3a8c759803aa2f9276bd
-
SHA1
27df752ac51857b8976fa7182ca2888221231be5
-
SHA256
da6df2fa468c7b424d8200b742a354be382371625f30455e08a9ae15e2b5efed
-
SHA512
eb5bcbeb69496d7937f88fe45ea19bfd8bad1364bb4708e31f8d192dbd524ad8d62fa46ad0ffd33d4c8ec89979abe95217a0830a628dcfb4c6af0de5f3bb2cac
-
SSDEEP
1536:urjr+5Ixj33TRdOOamKbe9u6m4133Jbd/:uD+5Ixb3asut4133j
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes: cmd.exe, OpenWith.exe
description   ioc                                                                               process
Key created   \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings   cmd.exe
Key created   \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings   OpenWith.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes: OpenWith.exe
pid    process
4432   OpenWith.exe
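The only processes in the IoCs above are cmd.exe and OpenWith.exe (the "Open with" dialog), which is consistent with the sandbox having no registered handler for a .pyc file; the registry keys under Local Settings and the SetWindowsHookEx call are ordinary side effects of that dialog, not of the sample. When dynamic analysis yields nothing, static triage of the bytecode is the next step. The script below is an added example, not code from the report or from the sample: it parses the 16-byte PEP 552 .pyc header (magic number to Python version, timestamp- vs hash-based invalidation), and, only when the magic matches the running interpreter (marshal format is not stable across versions), unmarshals the code object and walks nested code objects to collect attribute/global names and string constants, the usual first pass for spotting imports, paths and drive letters. Since creal.pyc itself is not available offline, build_sample_pyc() constructs a small stand-in compiled by the current interpreter; the magic-number table is an assumption limited to the releases listed.

```python
"""Static triage of a .pyc sample: header parsing plus name/string extraction.

Added example; not code from the report or from the sample. The .pyc built in
build_sample_pyc() is constructed here for the demonstration.
"""
import importlib.util
import marshal
import struct
import types

# Low 16 bits of the magic number for a few CPython releases (values taken from
# Lib/importlib/_bootstrap_external.py; assumption: only these releases are mapped).
# On disk the magic is this value little-endian followed by b"\r\n".
KNOWN_MAGIC = {3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
               3495: "3.11", 3531: "3.12", 3571: "3.13"}
CURRENT_MAGIC = struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])[0]


def parse_pyc_header(data: bytes) -> dict:
    """Decode the 16-byte PEP 552 header used by Python 3.7 and later."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a .pyc header")
    magic = struct.unpack("<H", data[:2])[0]
    flags = struct.unpack("<I", data[4:8])[0]
    info = {"magic": magic, "python": KNOWN_MAGIC.get(magic, "unknown"), "flags": flags}
    if flags & 1:  # hash-based pyc: 8-byte SipHash of the source follows
        info["source_hash"] = data[8:16].hex()
        info["check_source"] = bool(flags & 2)
    else:          # timestamp-based pyc: source mtime and source size follow
        info["mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def extract_names_and_strings(code: types.CodeType) -> tuple:
    """Walk nested code objects, collecting co_names and string constants."""
    names, strings = list(code.co_names), []
    for const in code.co_consts:
        if isinstance(const, str):
            strings.append(const)
        elif isinstance(const, types.CodeType):
            inner_names, inner_strings = extract_names_and_strings(const)
            names.extend(inner_names)
            strings.extend(inner_strings)
    return names, strings


def triage(data: bytes) -> dict:
    """Header info always; names/strings only when the magic matches this interpreter."""
    header = parse_pyc_header(data)
    result = {"header": header, "loadable": header["magic"] == CURRENT_MAGIC,
              "names": [], "strings": []}
    if result["loadable"]:
        code = marshal.loads(data[16:])
        result["names"], result["strings"] = extract_names_and_strings(code)
    return result


def build_sample_pyc() -> bytes:
    """Constructed stand-in for creal.pyc: a drive-probing script compiled by this interpreter."""
    src = ("import os\n"
           "MARKER = 'creal-sample'\n"
           "DRIVES = [chr(c) + ':/' for c in range(65, 91)]\n"
           "for d in DRIVES:\n"
           "    os.path.exists(d)\n")
    code = compile(src, "creal.py", "exec")
    # timestamp-based header: flags=0, mtime=0, source size, then the marshalled code object
    return importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(src)) + marshal.dumps(code)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pyc()), indent=2))
```

Run against a real sample with `triage(open("creal.pyc", "rb").read())`; if "loadable" is False, rerun under the Python release the header names rather than forcing marshal.loads, which would fail or misdecode on a different bytecode format.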