Overview

overview

7

Static

static

7

Dev-Cpp_5....up.exe

windows7-x64

7

Dev-Cpp_5....up.exe

windows10-2004-x64

7

MinGW64/bi...ail.py

windows7-x64

3

MinGW64/bi...ail.py

windows10-2004-x64

3

MinGW64/bi...t__.py

windows7-x64

3

MinGW64/bi...t__.py

windows10-2004-x64

3

MinGW64/bi...__.pyc

windows7-x64

3

MinGW64/bi...__.pyc

windows10-2004-x64

3

MinGW64/bi...ses.py

windows7-x64

3

MinGW64/bi...ses.py

windows10-2004-x64

3

MinGW64/bi...es.pyc

windows7-x64

3

MinGW64/bi...es.pyc

windows10-2004-x64

3

MinGW64/bi...cii.py

windows7-x64

3

MinGW64/bi...cii.py

windows10-2004-x64

3

MinGW64/bi...dec.py

windows7-x64

3

MinGW64/bi...dec.py

windows10-2004-x64

3

MinGW64/bi...ig5.py

windows7-x64

3

MinGW64/bi...ig5.py

windows10-2004-x64

3

MinGW64/bi...scs.py

windows7-x64

3

MinGW64/bi...scs.py

windows10-2004-x64

3

MinGW64/bi...dec.py

windows7-x64

3

MinGW64/bi...dec.py

windows10-2004-x64

3

MinGW64/bi...map.py

windows7-x64

3

MinGW64/bi...map.py

windows10-2004-x64

3

MinGW64/bi...037.py

windows7-x64

3

MinGW64/bi...037.py

windows10-2004-x64

3

MinGW64/bi...006.py

windows7-x64

3

MinGW64/bi...006.py

windows10-2004-x64

3

MinGW64/bi...026.py

windows7-x64

3

MinGW64/bi...026.py

windows10-2004-x64

3

MinGW64/bi...140.py

windows7-x64

3

MinGW64/bi...140.py

windows10-2004-x64

3

Analysis

  • max time kernel
    124s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MinGW64/bin/lib/encodings/charmap.py

  • Size

    2KB

  • MD5

    4b97d8f696820ed83d3a1b96c242c824

  • SHA1

    dc08bc88f94c47b43a0c64ba33bda79def11096b

  • SHA256

    1b8b5fdb36ce3becc62a6115ed904a17083949ec8aaef5a80f7078cec232f43b

  • SHA512

    bdf81c3c80471988203645cc6fe776b0fb44a248d10dc3425b53480c7cbeb5081ecb542930d64aa1f3a007b3b8554d3dad2e0e04e4f767b29335438158f3241a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MinGW64\bin\lib\encodings\charmap.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MinGW64\bin\lib\encodings\charmap.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MinGW64\bin\lib\encodings\charmap.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    e46503c838084fa5f82082b986b7223a

    SHA1

    4f6256f63fb86fd2b1242c6f41a45edf62fd562f

    SHA256

    b4701951fbd2fd634edc08c0cb5dd7ecbe5b8a68ff803619012f21f00b330e49

    SHA512

    7d27d05a8b86f4d708b0b5f94cf88e8f87239c28960c83ec6617d4e1f30d4b44023c5eec58fc14901606a05594a7a715c6ee87044f9c0061d36ac39be387d054

    Download Submit