Analysis
-
max time kernel
92s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
15/03/2024, 18:01
Behavioral task
behavioral1
Sample
Flame.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Flame.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
cstealer.pyc
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
cstealer.pyc
Resource
win10v2004-20231215-en
General
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
b50ae745b0ee4b6faf241c63026d466b
-
SHA1
9f1bbcaaf529d3c77e05e45ed925466f12f5eafa
-
SHA256
673af425d467ab4b0fe785ce126de885dc85aa095a7239023ad9a9d32a560beb
-
SHA512
0f7f39683d3189474dd728cdc6b959e069f634ea3667e0b9f2e436577b2d410d0b2604526fc055e05802d177791da03485cf04efdaf832221882356ec4292169
-
SSDEEP
1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2984 OpenWith.exe