Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-03-2024 05:43

General

  • Target

    T0kenCreator-main/creator/mail.py

  • Size

    7KB

  • MD5

    3511b9595ef8713e58eea5266adf5707

  • SHA1

    247679551fe175c8f1a90e71998388327f3cf1fd

  • SHA256

    803df4e3af976af8e0f83afa2ea1df45996069cf63a753093b66864825f93ce5

  • SHA512

    2fd7a9017a9a795c3e4507698c45b3554e934050e976a7727538385bb2c5d8ba7233cc0ad480064357ac196b97bc487020ad981e276ce20bdfb741c06a0cbd9f

  • SSDEEP

    96:NaQm9N/NhOe1VyBk8Fgf31NJCyk8XuyfyQk8Fmo1HUPWRvyfyQk8FWnsewhy:4qeCLqppqIEoDaqIAnBh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\mail.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\mail.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\mail.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1652
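
The tree above shows that mail.py never reached a Python interpreter. `cmd /c` on a `.py` file with no registered handler on this win7 image brought up the shell32 `OpenAs_RunDLL` ("Open with") dialog, and the file was then handed to Adobe Reader 9 as a document. Every signature in the report (WriteProcessMemory in cmd/rundll32, the registry class change made by the Open With dialog, GetForegroundWindowSpam and SetWindowsHookEx in AcroRd32) comes from that fallback path rather than from the script, so the 3/10 score says nothing about what mail.py does; the single dropped file, SharedDataEvents under the Acrobat 9.0 profile, is likewise a Reader artifact. The check below is an added example, not part of this report or of the T0kenCreator project: it takes the process tree transcribed from the report (plus a constructed tree in which python.exe did run the script, for contrast) and returns whether the sample was executed by an expected interpreter, fell back to the Open With dialog, or was never touched, together with the signatures that belong to processes outside the sample's own subtree. The interpreter-per-extension table and the relay-process list are assumptions.

```python
"""Triage check: did the sandbox actually run the submitted script?

Added example (not part of the original report or the T0kenCreator project).
"""
import ntpath
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Proc:
    pid: int
    parent: Optional[int]
    image: str
    cmdline: str
    signatures: List[str] = field(default_factory=list)


@dataclass
class Verdict:
    status: str                    # "executed", "open_with_fallback" or "not_observed"
    handler: Optional[str]         # image basename that took the sample, if any
    foreign_signatures: List[str]  # signatures raised outside the sample's process subtree


# Assumption: these launcher basenames are what a real run of each script type
# would show in the tree; extend for your own sandbox image.
EXPECTED_HANDLERS = {
    ".py": {"python.exe", "pythonw.exe", "py.exe", "pyw.exe"},
    ".ps1": {"powershell.exe", "pwsh.exe"},
    ".js": {"wscript.exe", "cscript.exe", "node.exe"},
    ".vbs": {"wscript.exe", "cscript.exe"},
}
# Assumption: processes that only relay the path (shell, Open With dialog) rather than run it.
RELAY_IMAGES = {"cmd.exe", "rundll32.exe", "explorer.exe"}


def basename(path: str) -> str:
    return ntpath.basename(path.strip('"')).lower()


def subtree(root_pid: int, procs: List[Proc]) -> set:
    """PIDs of root_pid and every descendant, derived from the parent links."""
    pids = {root_pid}
    grew = True
    while grew:
        grew = False
        for p in procs:
            if p.parent in pids and p.pid not in pids:
                pids.add(p.pid)
                grew = True
    return pids


def classify(sample_path: str, procs: List[Proc]) -> Verdict:
    expected = EXPECTED_HANDLERS.get(ntpath.splitext(sample_path)[1].lower(), set())
    target = sample_path.lower()
    touching = [p for p in procs if target in p.cmdline.lower()]
    interp = next((p for p in touching if basename(p.image) in expected), None)
    if interp is not None:
        # The sample ran: only behaviour outside its subtree is "foreign".
        owned = subtree(interp.pid, procs)
        foreign = [s for p in procs if p.pid not in owned for s in p.signatures]
        return Verdict("executed", basename(interp.image), foreign)
    # No interpreter ever took the file: every signature is someone else's behaviour.
    all_sigs = [s for p in procs for s in p.signatures]
    if any("openas_rundll" in p.cmdline.lower() for p in touching):
        viewer = next((p for p in touching if basename(p.image) not in RELAY_IMAGES), None)
        return Verdict("open_with_fallback", basename(viewer.image) if viewer else None, all_sigs)
    return Verdict("not_observed", None, all_sigs)


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\mail.py"

# Process tree transcribed from the report above.
REPORT_PROCS = [
    Proc(2240, None, r"C:\Windows\system32\cmd.exe",
         "cmd /c " + SAMPLE,
         ["Suspicious use of WriteProcessMemory"]),
    Proc(2608, 2240, r"C:\Windows\system32\rundll32.exe",
         r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL ' + SAMPLE,
         ["Modifies registry class", "Suspicious use of WriteProcessMemory"]),
    Proc(1652, 2608, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
         r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "' + SAMPLE + '"',
         ["Suspicious behavior: GetForegroundWindowSpam", "Suspicious use of SetWindowsHookEx"]),
]

# Constructed contrast (not from the report): the same command on a box where .py maps to python.exe.
PYTHON_PROCS = [
    Proc(100, None, r"C:\Windows\system32\cmd.exe", "cmd /c " + SAMPLE),
    Proc(101, 100, r"C:\Python39\python.exe", '"C:\\Python39\\python.exe" "' + SAMPLE + '"',
         ["Suspicious use of WriteProcessMemory"]),
    Proc(102, 101, r"C:\Windows\system32\cmd.exe", "cmd /c whoami", ["Constructed: child cmd.exe"]),
]

if __name__ == "__main__":
    for name, tree in (("report", REPORT_PROCS), ("python-present", PYTHON_PROCS)):
        v = classify(SAMPLE, tree)
        print(f"{name}: {v.status} via {v.handler}; foreign signatures: {v.foreign_signatures}")
```

Run against the report's tree the verdict is `open_with_fallback` via `acrord32.exe` with all five signatures foreign; against the constructed Python tree it is `executed` with no foreign signatures. The practical consequence is the same either way: before reading signatures off a sandbox report for a script sample, confirm the image actually had the interpreter the file needs, or the run measures the viewer that happened to win the Open With dialog.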

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d7fd4a7e3bc05367745d51d6097c45ec

    SHA1

    f3ba7702a7339e9992bf297792c5392b596d3ade

    SHA256

    747537106e5b7cf418947ba804029c29ee6f43a2267f221aef5c2168c60bfea8

    SHA512

    7d59c73a244e4d1f7ee65b11fda4c28de8e58f37490e184a8554102ff2c179255ba1d1d68765d08845a54b4d99993f6b7e1ed11f8660d035e78174fbab2187a6