Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-04-2024 14:08
General
-
Target
test_journal.py
-
Size
10KB
-
MD5
fb08be2b60bcd116c37e011eef57692c
-
SHA1
d6dd2cb3eeef49b24b8086cd8a7cfbcfbe02d2fa
-
SHA256
a36f00b50f335c0b974084a92704d0472ec971455973de64b36324fc7cdd3a87
-
SHA512
ae552d12b78cb6c340c62a696593af8409746d43c760cfa77f1723414bc7365429620d0cb8c4e41c26484334826aa3f84f26b930c048081bf4c1c66a1d1b9e5a
-
SSDEEP
192:zPKteSTJ1BEnT3lBM26ZfM+kWBS7fxcUELzWgpDZWRpDmYi2gpTAYi5gpLIs32hQ:zPKtbkW87Z90qgpDERpDq2gpTs5gpLIc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\test_journal.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\test_journal.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\test_journal.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD514042101e8d4ef6f3359ca1731899899
SHA10e2c2c2cbbef774ff799c62d712f8b7be7a2c16e
SHA2561c8778f84074a6a723e25c180c5fc67a7cde0d4eb27eb8cc7714dc4eaa38e2a3
SHA512bfa4af192b87ea7a50a1c1c3bdd37ca906b440b9aeb7035f67095ee8930a4296f918584551bb18c6673f8500636cce59264321d7c0f521eb611a01c084a02ab7