Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-04-2024 04:56
General
-
Target
creal.pyc
-
Size
64KB
-
MD5
aa0a24ec6cf426fbb7e1e2a2b37acb06
-
SHA1
10eb0400cb996edfa28b0bda63f564660151553e
-
SHA256
bf22490aa5ce5edb54e64d9156f8a2baae7fe8a9f03ed306f3f1b975d8933807
-
SHA512
798e0572fefe88ed33feaa9ebb4ad34dc58f85819aedd95983403970fc63b38dfe1bb4536e2d4b4350b4a00ac1db9a32b9585028970a8410fead8f510c9cf600
-
SSDEEP
1536:7Trye+0Ql9pObo8BHWfNXASFW08VAeOR2es:7T8Ybo8B21XASNMAeORk
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\creal.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\creal.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5d03e688857d27e9be305c1f799561710
SHA1a8ddf0ee1c344bdc73ff242a5984e17ee604b876
SHA2567073c8c54034747285b2f089d98f4ba7dceecffab7eba6183ef5fb7b02492379
SHA5129ee335774e09c65ec6a0b32707f97f9f4c552dd24014e9f76fac43ab9d55da6f6826f4aa72dd48945e1eb19cbd7e1044251aa543ec4fb76c6a5629c4bc097785