Analysis

  • max time kernel
    139s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    07/03/2024, 11:17

General

  • Target

    doc_details.pyc

  • Size

    7KB

  • MD5

    32388de010fa9265455445eb58a28272

  • SHA1

    a415a3da0a51a81efda771e02a452cf88c8f51f1

  • SHA256

    f1e9b6f8401c2802efd5937309c8069b94c566450c1d2513722d616b6793a05e

  • SHA512

    9cfb55fddaed058da8500a22ed9e586c70b6607047f6a34baf5e67df9c0e12ea0d2dfa6d15e4d01d80c5942d27c5f884f1d22e32485b915d24de645f66fd02c8

  • SSDEEP

    192:IU022avyny8TAae09ec8OZ7PWQKv1iNy+Dz:Idayy8TJes7PWQKv1qyy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\doc_details.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\doc_details.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\doc_details.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2672
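The target is compiled Python bytecode, yet no Python interpreter appears in the process tree above: cmd.exe's attempt to run the file fell through to the Open With dialog (shell32.dll,OpenAs_RunDLL) and Adobe Reader 9.0 was picked to open it, which accounts for the SetWindowsHookEx and GetForegroundWindowSpam signatures and the Acrobat SharedDataEvents file listed under Downloads. The 3/10 score therefore describes Reader's behaviour, not the sample's, and the .pyc still has to be triaged statically. The script below is an added example for this report, not code from the sandbox or from the sample: it parses the PEP 552 .pyc header to identify the producing CPython release (the magic-number table is copied from CPython's Lib/importlib/_bootstrap_external.py), and, only when the magic matches the running interpreter, unmarshals the code object and lists the names and string constants it references. The sample .pyc is constructed in the script; doc_details.pyc itself is not reproduced here, and all function and constant names are this example's own choices.

```python
"""Static triage of a .pyc file: parse the header, identify the CPython
release that produced it and, only when the running interpreter matches,
list the names and string constants the bytecode references.
Added example for this report; not part of the sandbox output."""
import importlib.util
import marshal
import struct
import time

# Magic numbers of CPython release series, taken from the changelog in
# CPython's Lib/importlib/_bootstrap_external.py (first two header bytes,
# little-endian). Extend as needed; unknown values are reported as such.
MAGIC_TO_VERSION = {
    62211: "2.7", 3379: "3.6", 3394: "3.7", 3413: "3.8", 3425: "3.9",
    3439: "3.10", 3495: "3.11", 3531: "3.12", 3571: "3.13",
}


def interpreter_magic() -> int:
    """Magic number of the interpreter running this script."""
    return int.from_bytes(importlib.util.MAGIC_NUMBER[:2], "little")


def parse_pyc_header(data: bytes) -> dict:
    """Parse the 16-byte PEP 552 (Python 3.7+) .pyc header.

    Layout: 2-byte magic, b"\\r\\n", 4-byte flags, then either
    (source mtime, source size) or an 8-byte source hash, selected by
    bit 0 of flags; bit 1 says whether the hash is checked at import.
    """
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a .pyc: magic terminator missing")
    magic = int.from_bytes(data[:2], "little")
    flags = struct.unpack("<I", data[4:8])[0]
    info = {
        "magic": magic,
        "version": MAGIC_TO_VERSION.get(magic, "unknown"),
        "hash_based": bool(flags & 1),
        "check_source": bool(flags & 2),
        "body_offset": 16,
    }
    if info["hash_based"]:
        info["source_hash"] = data[8:16].hex()
    else:
        info["source_mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def extract_references(data: bytes) -> dict:
    """Unmarshal the module code object and collect co_names and string
    constants, recursing into nested code objects (functions, classes).

    Refuses files whose magic differs from the running interpreter: the
    marshal format is version-specific and marshal.loads is not hardened
    against malformed input, so a mismatched sample belongs in a matching
    interpreter or a dedicated decompiler instead.
    """
    hdr = parse_pyc_header(data)
    if hdr["magic"] != interpreter_magic():
        raise RuntimeError(
            f"pyc magic {hdr['magic']} ({hdr['version']}) does not match "
            f"this interpreter ({interpreter_magic()})")
    names, strings = set(), set()

    def walk(co):
        names.update(co.co_names)
        for const in co.co_consts:
            if isinstance(const, str):
                strings.add(const)
            elif isinstance(const, tuple):  # e.g. from-import name lists
                strings.update(s for s in const if isinstance(s, str))
            elif hasattr(const, "co_code"):  # nested code object
                walk(const)

    walk(marshal.loads(data[hdr["body_offset"]:]))
    return {"names": sorted(names), "strings": sorted(strings)}


def build_sample_pyc(source: str, mtime: int = 0, hash_based: bool = False) -> bytes:
    """Build a .pyc for the running interpreter from SOURCE, in either the
    timestamp or the checked-hash form. Used only to construct a sample;
    the report's doc_details.pyc is not reproduced here."""
    code = compile(source, "<sample>", "exec")
    if hash_based:
        header = importlib.util.MAGIC_NUMBER + struct.pack("<I", 0b11)
        header += importlib.util.source_hash(source.encode())
    else:
        header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, mtime, len(source))
    return header + marshal.dumps(code)


# Constructed sample standing in for a small document-handling script.
SAMPLE_SOURCE = (
    "import os\nimport json\n\n"
    "def details(path):\n"
    "    return json.dumps({'name': os.path.basename(path)})\n"
)
SAMPLE_PYC = build_sample_pyc(SAMPLE_SOURCE, mtime=1709464620)
SAMPLE_HASH_PYC = build_sample_pyc(SAMPLE_SOURCE, hash_based=True)

if __name__ == "__main__":
    hdr = parse_pyc_header(SAMPLE_PYC)
    print(f"magic={hdr['magic']} version={hdr['version']} hash_based={hdr['hash_based']}")
    print("source mtime:", time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(hdr["source_mtime"])))
    print(extract_references(SAMPLE_PYC))
```

For a real sample, read the file bytes in place of SAMPLE_PYC: the header alone tells you which interpreter to stage (or which decompiler release to use), and the source mtime or hash is a useful pivot even before the bytecode is examined.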

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    ccbc138332f59972043cd8d09a618419

    SHA1

    3cb852c6df5f547e7ee13941723e4f7fea16747f

    SHA256

    b5421637cc35fb1d5405d01a1b9a66cebfe5f92594ba62e40dc200e9b1df12da

    SHA512

    ae16bc7e7f42d127829f465d7a5576b20fb2955c3b16fb4eca619a2f68fda1da520b044cc95a2a1d50724692a0d287ab6ec277b820e991fb4189baf7a5ea11f5