Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
23-04-2024 03:50
General
-
Target
ftpcrack.pyc
-
Size
31KB
-
MD5
cdfaeec3b576ee1e801ed0d7981729e9
-
SHA1
d7e34e25732b9e9cf422c5921148e09911c206ec
-
SHA256
153999f48813eed1190adfb2ddf51b73a457ea92563bd54d87aee6220f148cbc
-
SHA512
250b687d2a263bf5c2defa9d57949a0dcf7c8c685836bd064bdb27ef2382b1ed570c7184588d7349b42f89616f2be4631dcca0778772dc23b149036d5bd122ec
-
SSDEEP
768:vJu4RMyRk49Ov7Q0iqhtzZlryou6KGxgP7flAoMT5Kzc5e9DPe7:vJu49Rjg7FiqnZlryoXhuP7lAFlKQeVC
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ftpcrack.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD514268760f1f98a8b5f43c7daeba89c04
SHA1f016ba5b56cce70e603ae57bf9de3e57c3a3b2db
SHA256ed4e0eb905c78e663b54f91f045bfe4d94c9e68609c6cd3a9c10a9ebceb3e186
SHA512b4a1f1e14dbcb69b567fb19b70cb6df75da04807562de01780e05bdf35bde23068975d48c4b1674c735e4d1cb5e77bd37e2ef76ce2bbd0e875edc020ca781124