Overview

overview

3

Static

static

1

bots/boost...10.pyc

windows7-x64

3

bots/boost...10.pyc

windows10-2004-x64

3

bots/boost...11.pyc

windows7-x64

3

bots/boost...11.pyc

windows10-2004-x64

3

bots/boost...uth.py

windows7-x64

3

bots/boost...uth.py

windows10-2004-x64

3

bots/boost...ain.py

windows7-x64

3

bots/boost...ain.py

windows10-2004-x64

3

bots/shop bot/main.py

windows7-x64

3

bots/shop bot/main.py

windows10-2004-x64

3

bots/ticke...ll.bat

windows7-x64

1

bots/ticke...ll.bat

windows10-2004-x64

1

bots/tickets/main.py

windows7-x64

3

bots/tickets/main.py

windows10-2004-x64

3

bots/ticke...at.bat

windows7-x64

1

bots/ticke...at.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-02-2024 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bots/shop bot/main.py

  • Size

    14KB

  • MD5

    f48ade1faf05ce3b360dcc872d55c097

  • SHA1

    0e24537691feff4bafc76cdf1abe22e96072d6a0

  • SHA256

    0b9ba700c862120ab36406706d59a75cf295eadda0f52dacae97484ae5c6f53c

  • SHA512

    12ccda142fce7da231d398d758776d3872a452dd1f11aeb4e1280d4bc7da55d93150955fe4cb879cc0df6d8f95b2e887a8999a7bedad37e1254276d25cbdb593

  • SSDEEP

    384:20u77u4M+EqmmKmZJC3Iz+tEQZJdusN8CNO+QrTmHcE3rkHwWU:20l3Iz+tEQZJdusN8CNOprTccCkpU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\bots\shop bot\main.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1288
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\bots\shop bot\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bots\shop bot\main.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    c0182ad4fdcd071e3dede649435f6961

    SHA1

    4fff86c34576b7a8a253019b4cbb31d589839638

    SHA256

    61e4a61a62861416b485a49ba914621982d3b56ab2a59e4237a9266df5c20da1

    SHA512

    a6d6567d4f2567b90bf281f1a7fbb46ad81c83dc28eec2850cb29dc6fb69d1faa9b40b79272cae8e54bc06a51ccfd46ed8e724bc34649b407e40c7061c3aea1e

    Download Submit