Analysis

  • max time kernel
    1400s
  • max time network
    1160s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    20-02-2024 20:10

General

  • Target

    limited_sniper-main/src/buy/buy.py

  • Size

    4KB

  • MD5

    364ee0e570a85560a2f157f7ad18b3dc

  • SHA1

    4c6fc32bc3dba082298e0cd74b820bf8ddec264e

  • SHA256

    7e19fc7abed3b34b13117e8a7c9e606f6a46ed217a415e3a11ba7e02517e0cac

  • SHA512

    6a4df446362f656049e88fac98bafa64a68b50e3d2c31c9864669c9febfa0f8ea89b546ece043a4884ce8cf9780556a32c249c3300fcb63a07758a649dbfc167

  • SSDEEP

    96:+OeIAsXxY9+xZ3gnpoAs2v5IIAsEIAsBoWIAsJq8poAs2ISjIAs5IAs0:SIA/npoALvGIAlIA6IAgpoALIIIAaIAB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\limited_sniper-main\src\buy\buy.py
    PID: 2384
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID: 764
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads
