Overview

overview

7

Static

static

3

e1d2fa6783...fa.exe

windows7-x64

7

e1d2fa6783...fa.exe

windows10-2004-x64

7

Password G...or.pyc

windows7-x64

3

Password G...or.pyc

windows10-2004-x64

3

Resubmissions

27/03/2024, 14:01

240327-rbpvssdf36 7

27/03/2024, 13:54

240327-q7hwpagf4w 7

Analysis

  • max time kernel
    122s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Password Generator.pyc

  • Size

    1KB

  • MD5

    207db50ab25fa2972a52a18252be04cc

  • SHA1

    3504e02cc28fa2e6669641c5d3e99b56b8e02d46

  • SHA256

    a156b0e7d9e7e119c4a9a13da67060ea2bcb0375c3534d38c0325bd09ddc6414

  • SHA512

    04da8ef94184c5762c28dca67745cc423ddab33dd31f0830c3776c787d09ebf98b8b86d2631fc0cd2afeae54fad857bb211af5706546e4c1b5e9f250a074db91

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Password Generator.pyc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Password Generator.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Password Generator.pyc"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    de6631fe3ec9452aba4df24bcab32ef9

    SHA1

    5dc72a158975c4c4386a28a0f5fc81c4f8c3449d

    SHA256

    1e40feb655440d028a6f7d31dffc33deb587fa11d2c630cc59d1d28684e8e0d9

    SHA512

    35b8b321e651049c1afcc213e08562189a2f86e803afc9e715c1445d98c0ec081f5cfc857dc3ab0d5c90721a46d34504b04797e6c8831c3dbb42dcca0170c4ff

    Download Submit