Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2024, 05:43

General

  • Target

    T0kenCreator-main/creator/modules/misc.py

  • Size

    2KB

  • MD5

    81a407d1603f4609e535348091373903

  • SHA1

    79dd8571d41cb81eec3434ac2dc2d990ebba2cc5

  • SHA256

    a94ae16b3ca7cefa4b5aa3930e6e6b6aa6099b59b7aa4fdbc48a8b47dc0b7435

  • SHA512

    a00c2cd7902f990d9de1d212bee173bfd08548d582bcc938e9a81562640052f6498134775b4010f27895150edd0075323b1b9819e4c00ed66c4712a1b655129c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

Note on the chain below: the sandbox had no handler registered for the .py extension, so cmd.exe handed the file to rundll32.exe with shell32.dll,OpenAs_RunDLL (the "Open with" dialog), which in turn launched Adobe Reader on it. The script was never interpreted; the registry-class, hook and WriteProcessMemory signatures are generated by rundll32.exe and AcroRd32.exe, not by the Python source.

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\modules\misc.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\modules\misc.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\T0kenCreator-main\creator\modules\misc.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    fdabc563c7f812f586bdf7db9e13e6c2

    SHA1

    f4accaece9b74c6f97eff4830916db36a174966f

    SHA256

    eb5c61333bcf9ad84f6a408cbecb8c9adc4fe5a7a391dec70d6ce258fb65a5c4

    SHA512

    9e9b4620b62cddbe86a6b5a30e648ba4bf8cdb9aead733f2023a9887fccaa44a84f2fdb841c0e5324c7d2e0696e0d7b6769f0f2a2401127a4ff9241a384e241f