Resubmissions

15-04-2024 19:47

240415-yhvsysee92 10

11-02-2024 21:53

240211-1rtncsbh6y 10

11-02-2024 16:00

240211-tf4wmahe8s 10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2024 16:00

General

  • Target

    creal.pyc

  • Size

    32KB

  • MD5

    651717bdcddac421fd3ffa1e23f14ece

  • SHA1

    3074d6ad6c2cbce00a9de2307d1664d80d890c39

  • SHA256

    18c562fc51a4b30bca6aeca0e07bd3455b0aab96441dea4be498051783bd80b2

  • SHA512

    1c35e2905a026f7eda5dc7675967c7b41ca055f3efe9eb89d5f152160f3bb4165286adad16fcda72834bb684b10627824dfda3187e03990f3703d9d2943dfd9e

  • SSDEEP

    768:L8Dnr72VsfNEiyGuAfKFMrRtfqtvEwS7bnjerAroaHjsIAcn8YC06X:IjrveZaKFcfDwS7fuPc8YD6X

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\creal.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\creal.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d51883ed7e4bd18f5f9eefe7b00fc119

    SHA1

    e18af28321d68acae0a63a4fed945293a3466c2b

    SHA256

    c9ba1f3ca48e3bf00d2849788cd776db8b1b4e5fd92d8a65d13569079c784bbd

    SHA512

    230fc8e42f71567d738969543038d9f945a5e75fe726315f982de9a5c6a5cdb04162c0a003e6c84093d2bee92547697b94bc9f37647408b3d1d32710c6a1ce7e

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.