Resubmissions

03-03-2024 19:24

240303-x4lxhafd96 10

03-03-2024 19:23

240303-x3wejsfd86 10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-03-2024 19:24

General

  • Target

    creal.pyc

  • Size

    32KB

  • MD5

    58e8befb60f3bc6e773fc663cd1ef561

  • SHA1

    fe4cc51bb2f09ca417cd2c4397db74b2cd537b41

  • SHA256

    14ac594228236acc07a6dd29b886645dcd6fe1c35d9b72ad357434dea71c863f

  • SHA512

    12a8984e3fb1fdc87e1d47b00fbda92a9de4c4d819bb67e49ee16bac1cdcd4b90f23ba27781271b0659460e32484e85f6e3425b53acfda7b0ac2c0f43fa6c9df

  • SSDEEP

    768:L8DnrY2VsfNEiyAuAfKFMrRtfqtvEwS7bnjerAroaHDsIAvN8YC06X:Ijrie3aKFcfDwS7fOPviYD6X

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\creal.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\creal.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    59bbd02019fe4ce23d9b6ab9059fad12

    SHA1

    fe3e12269613a0998ebb5ee31547ad7e277cc7d7

    SHA256

    02b883ed2fa510ae30fc43932087c79e7565b0af215e9b646220bd7be260c9d0

    SHA512

    95173364e3845a62094bdd6996512d9da121825639746aa96c4b72aa5f936d25b4f06553ddd6f12915a950503d0bcb6143cdc3e0e6fafb50f585991e07ad5546