Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/02/2024, 00:52
General
-
Target
Dr. Yuuko's Sex Practice/renpy/main.pyo
-
Size
10KB
-
MD5
154eb27881d9bd667cbe343c43c3073e
-
SHA1
4804c0b047af424cb08182d28468fff1cb8e76a2
-
SHA256
9f8cec0d5e38e587ecdfe2bb91922cfd1d29e4d1d34a892538bd985388dae131
-
SHA512
3bc9d0c194d09106d6a9da859177b6357c840d8d5f835fb937be068571cf5494816946a0edc296589eb3b19a020910e2178b00c95f53534e6f5c1a02b9651cbf
-
SSDEEP
192:gy/YwfbzC79yG/ucwNmJVj2VrW2Yvt+B3mf4VDW/lmjfJBtKOZz:7TzMlwM92Yl+B3mfoelCfVKOV
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Dr. Yuuko's Sex Practice\renpy\main.pyo"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Dr. Yuuko's Sex Practice\renpy\main.pyo2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Dr. Yuuko's Sex Practice\renpy\main.pyo"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5db7345ce8a5d727d6e91e77a5c0ba872
SHA16b88f001de0ad8c4c94af504c02e2fe28bc038f5
SHA256a05a1ba783918f2c03ca358ee23179977b70cb0d7b5bbca342fd3fa20de8e299
SHA5122e75e612534af5124eba51f7b24a37d4af7f4ef1d48680e50c8859802acf05901ca3b98eb2a1658ad5bfcf8e621617cee1aed80ab8ebab632cdec171e1756c1d