Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 09:01
General
-
Target
Zero-attacker-Zero-attacker/zero.py
-
Size
2KB
-
MD5
29156f1420c9b5facda6e5b08d605399
-
SHA1
91b7600c7493c9e3e9dbdc26185d8ccfd0a817d2
-
SHA256
20c5b067169dfc85d6b007af0f4db406908062c80e145ab889048ca65b37271e
-
SHA512
0bd18ec5188bef93239963a922a5562b87045a8ccc296d2ce637a1d73dc1995de5687f50abc8b9875390346b601ea150792550dd84b57495a128022228fbd5dc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Zero-attacker-Zero-attacker\zero.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Zero-attacker-Zero-attacker\zero.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Zero-attacker-Zero-attacker\zero.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD59a3f592d81bf860a28520961d923fdca
SHA1b3809b9148ad57b3e7e95d4402003d6f46ad9d67
SHA256d050f8a42785f81a0ec2dcbbe31fdef0531b69d77d6bf7c02c0e59f0e4f2a601
SHA512d0fb30a6acf93b9daae3fe73f6123baa9782e47fd98f9517de70bb050c1b23c2a2110def6b3746ae3c6c6d0493ce93ca3fcc18b0298e5676a49dfb6762ff7179