Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/03/2024, 15:31 UTC

General

  • Target

    reg_backup.pyc

  • Size

    6KB

  • MD5

    10fdb4b38c53a4831819705aab9f4c2e

  • SHA1

    211afce3552e094054b4a2ceaa4e54bc4babb93e

  • SHA256

    0209a0220ed750582b41b74187203a501c333f2bbc797d81976bb368a43597aa

  • SHA512

    4d5b6204f09c01e88ed47c20a1fb0da4dbee1d1be5112417234735eafaa534d874f3a9efb1174d37cb6c80cd483406c16575400801a1f540d126680fa8ce427d

  • SSDEEP

    96:q+CNsheuyFqytMAdchmmnf53CGKzGA6NL+8qGtQsGR7ds2WrReMFYQVGA:VCaheltMZm85CW+8h5Cs2IEMFYgF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\reg_backup.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\reg_backup.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\reg_backup.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2420
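
The process tree above shows that reg_backup.pyc never ran as Python: the VM has no handler for the .pyc extension, so `cmd /c` handed the file to the shell's "Open with" dialog (`shell32.dll,OpenAs_RunDLL`), which in turn opened it in Adobe Reader; the GetForegroundWindowSpam and SetWindowsHookEx signatures belong to Reader, not to the bytecode. Triage of the file therefore has to happen outside this detonation. The following is an added example, not part of the report and not the sample itself: a .pyc header parser that identifies which CPython release produced the file (and whether it is timestamp- or hash-based, per PEP 552) so it can be loaded under a matching interpreter, plus a reader that lists the global names the code object references without executing it. The sample .pyc is constructed in-block from a small source string; the magic table is taken from CPython's `Lib/importlib/_bootstrap_external.py` and lists only releases I am certain of; the block assumes CPython 3.7 or later.

```python
"""Inspect a .pyc header before deciding which interpreter to load it under.

Added example, not part of the sandbox report. The reg_backup.pyc sample is
not available here, so a constructed stand-in is compiled from a source
string. Assumes the running interpreter is CPython 3.7+ (16-byte header).
"""
import importlib.util
import marshal
import struct

# Magic values as recorded in CPython's Lib/importlib/_bootstrap_external.py.
# Only releases the author is certain of are listed; anything else maps to None.
KNOWN_MAGIC = {
    62211: "2.7",
    3379: "3.6",
    3394: "3.7",
    3413: "3.8",
    3425: "3.9",
    3439: "3.10",
    3495: "3.11",
    3531: "3.12",
    3571: "3.13",
}


def parse_pyc_header(data: bytes):
    """Return a dict describing the .pyc header, or None if data is not a .pyc.

    Layout: 2-byte little-endian magic + b"\\r\\n", then either
      - CPython 2.x / < 3.7: u32 source mtime, u32 source size (12-byte header)
      - CPython >= 3.7 (PEP 552): u32 flags, then 8 bytes holding mtime+size
        (flags bit 0 clear) or a hash of the source (flags bit 0 set).
    """
    if len(data) < 12 or data[2:4] != b"\r\n":
        return None
    magic = struct.unpack("<H", data[:2])[0]
    # 3394 is the 3.7 release magic; 2.x magics sit in the 62xxx range and use the old layout.
    pep552 = 3394 <= magic < 20000
    info = {"magic": magic, "python_version": KNOWN_MAGIC.get(magic)}
    if pep552:
        if len(data) < 16:
            return None
        flags = struct.unpack("<I", data[4:8])[0]
        info["body_offset"] = 16
        if flags & 1:  # hash-based pyc; bit 1 says whether the source is re-checked on import
            info.update(hash_based=True, check_source=bool(flags & 2),
                        source_hash=data[8:16].hex())
        else:
            mtime, size = struct.unpack("<II", data[8:16])
            info.update(hash_based=False, source_mtime=mtime, source_size=size)
    else:
        mtime, size = struct.unpack("<II", data[4:12])
        info["body_offset"] = 12
        info.update(hash_based=False, source_mtime=mtime, source_size=size)
    return info


def build_sample_pyc(source: str, mtime: int, source_size: int) -> bytes:
    """Constructed sample: a timestamp-based .pyc for the running interpreter."""
    code = compile(source, "reg_backup.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, source_size)
    return header + marshal.dumps(code)


def referenced_names(data: bytes):
    """List the global names the code object (and nested code objects) touch, without running it.

    Only attempted when the magic matches the running interpreter: the marshal
    format differs between releases, and a mismatch yields garbage or an error.
    """
    info = parse_pyc_header(data)
    if info is None:
        return None
    running_magic = struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])[0]
    if info["magic"] != running_magic:
        return None
    names = set()
    stack = [marshal.loads(data[info["body_offset"]:])]
    while stack:
        code = stack.pop()
        names.update(code.co_names)
        stack.extend(c for c in code.co_consts if hasattr(c, "co_code"))
    return sorted(names)


if __name__ == "__main__":
    sample = build_sample_pyc(
        "import winreg\nwinreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, 'SOFTWARE')\n",
        mtime=1700000000, source_size=64)
    print(parse_pyc_header(sample))
    print(referenced_names(sample))
```

Once the header says which release wrote the file, run the sample only under that interpreter (in an isolated VM) or decompile it with a tool targeting that bytecode version; loading a 3.x .pyc into a different 3.x marshal reader is a common reason "the file is corrupt" during triage.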

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f7bb176ddf1b31b88156ba749dd30986

    SHA1

    8500a9c00201dbb7fb11fdededa9c6e3a9ff3d5e

    SHA256

    50361e44436b137cd43ca919858028d42a20a399b70315841578436df971195e

    SHA512

    ca4b21166ef72439975832588d1612366561d480076c95e86c31d7f4876e7199a720f92b82f59b47ec07517c6c0e503f8e06a6b13a875369111bcacfa36bbac4
