Overview

overview

7

Static

static

3

virus2.exe

windows10-2004-x64

7

virus2.pyc

windows10-2004-x64

3

Resubmissions

24-04-2024 15:15

240424-smwm6acc3w 7

24-04-2024 13:13

240424-qf2vgsae28 7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-04-2024 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virus2.pyc

  • Size

    1KB

  • MD5

    7d4d009be85e2a8b9ba178a8ad581be3

  • SHA1

    dd1adc941d6a74cc65ba80237ad9926d5bd6e5df

  • SHA256

    ec40a166d1f2403f2f51e6c5b1b54cbbbcdf113265d5f619f3b37d7f1a30f28d

  • SHA512

    69c64cead78bca8d4b29d35705a6f241c54f56b4916113131887a48658da91b7c899357ebc6c9bb07c2bc60a519011f373770567ac0d2b6bf21f439bd048126c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\virus2.pyc
    1⤵
    • Modifies registry class
    PID:1796
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\virus2.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3064

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads