Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-03-2024 18:01
General
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
b50ae745b0ee4b6faf241c63026d466b
-
SHA1
9f1bbcaaf529d3c77e05e45ed925466f12f5eafa
-
SHA256
673af425d467ab4b0fe785ce126de885dc85aa095a7239023ad9a9d32a560beb
-
SHA512
0f7f39683d3189474dd728cdc6b959e069f634ea3667e0b9f2e436577b2d410d0b2604526fc055e05802d177791da03485cf04efdaf832221882356ec4292169
-
SSDEEP
1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\cstealer.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cstealer.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cstealer.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51ce390ae7d07ab2138129471fbb5e0ff
SHA13bf5ee74eb4fd6d5f5a474b1e44656baaa999e87
SHA256f6089d2861c4d76a6446e0b7f6e1a9e5fc37e9dad2b4230fde9f0585c7f880bc
SHA5126a3702e889d9b37f3631a5f9b7ce321f61c2288fcf2d93474f68186dbcd47c4537e6fcdabbfe076d6b66d7c8c9db30651a70519d612467230457f02044750068