Analysis
-
max time kernel
73s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
27/04/2024, 23:38 UTC
General
-
Target
Creal.py
-
Size
211KB
-
MD5
dc8e4f8ca562819e37d9328b47f6627e
-
SHA1
1b30e4b64f275f155a905d27e1a137744c3654ab
-
SHA256
644ee8e67af2b64b9b2cfecbbdb63b4b3098dcd45affc2af18c696e9ba06d154
-
SHA512
ff11069536f0731c987ac9b1355b1ea5dc6a9b75ea4f36620b12f1a5531bc152288ce1536ef0d105aabad38bd944b83612ccf8e1e57de47a5259ea8e2c26a6e4
-
SSDEEP
3072:Q1kT0hhFhhglvEjYm+W94RPiEmWoqfKTUkaF5996aH0ji9Jl3LH0NpmSBKHR:gAPBM4RPiERoqkZw7HOpmSBQ
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Creal.py1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A -
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
-
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN A
No results found
-
8.8.8.8:53g.bing.comdns
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
-
8.8.8.8:53g.bing.comdns
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com
DNS Request
g.bing.com