Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-04-2024 12:16
General
-
Target
add_from_excel.pyc
-
Size
25KB
-
MD5
eb83674aa2f9319ec439b6b469241c0f
-
SHA1
52bb6c11696d118ea762f0a2bb87f4ae81f53e9c
-
SHA256
c7d98bb62b0609f86f02706693f6edd512fdbc5d831a58dfaf009066ae4bacb9
-
SHA512
565df267a5e8848e5c003ab5ffe4e37fffef43821e63819197574129e7e5ad2e9bfde66c53054af706133e31b6e0bc988705e8ec60ec339244dd08b292cc1a0b
-
SSDEEP
384:P6VgkjMOFwmmjfmNM1tzk2l5WODOiA1Y3dh9X4hoQT+WU0A/88888s8cjd2hpyjo:wgkLFwF2Az7l5WODOPY3mT+OAvdj9qvZ
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\add_from_excel.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\add_from_excel.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\add_from_excel.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5ef631c8cb7638ec1d5c6ba3986fbbc8b
SHA19a2b5e8a8af3feb1d4b765f965843d9d585f52ea
SHA2568499a3895a85b300fb48c55ebf8799c6359e93625da0862514aa7ab52fcd2a1c
SHA512c7fb8401066bb8101868b61315050ec77df3dc79bb3bd7dcec185596dda39fd41e07189c474eee7ae7a52ba6465bc8e0790ef85f4d863a4e140d61093e03bd82