Analysis

  • max time kernel: 160s
  • max time network: 132s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 27-02-2024 19:51

General

  • Target: massdm/main.py
  • Size: 13KB
  • MD5: 0c0b063fd46da68ee589501a08959bed
  • SHA1: a2f5660d975f02e587e289102777e8b98cdbb234
  • SHA256: f8e1ceca8b109730c3450d280c9f62fb98afee0338118070e2c7f2793e46c691
  • SHA512: 9e5dc1db72dec6133609659f893f3da1cf6c7f6a67c4fcb685046dd377c15247a797eb900ed936717632a3db35348f17c0164b58dd861dfcf62755301fe2c3e5
  • SSDEEP: 384:ZYWfBQ7c+whoif5au2QB+cQnL+UiPU9YD:ZNQ/wWif5H2y+c29ic4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe (level 1, PID 1708)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\massdm\main.py
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe (level 2, PID 2536)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\massdm\main.py
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (level 3, PID 2416)
        Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\massdm\main.py"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize: 3KB
    MD5: 3ee48585cc07b076a8483bde0f3764e1
    SHA1: 8c588aa353ecdfbc653b2f659beeb18fe1696d67
    SHA256: 4fe5ccd34c747859bf6e65f70b6a0366acb306d3cbc22119fdfbbbbda51da38a
    SHA512: 41a1743d7d9df9f7fad8a0c245310d55672648d279373eaeb17d55701cf0ce6b28f4e2a4dd01613eb19ec7826d631c9abcf4f03d1496c23fa4bdf1c5fb891d75