Analysis

  • max time kernel
    1s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30-04-2024 23:23

General

  • Target

    kLXISTfbYJ.pyc

  • Size

    57KB

  • MD5

    053dc7d5b3067b2cf9e8b1878fcfc39b

  • SHA1

    966b034a17836a00a30bd41dde9595d4cf1e1c21

  • SHA256

    c90bc249d799c97cdb37cdca0cd9e1d5fa4347bcd851d8027ff3b7dbfd112984

  • SHA512

    87274fd921386b2e7e7dc47918ef66cdb0505c6351faf79a7f0557c285cb4f81a1a1a161903508c01633e76beb5094e39f2249bce1ab37059afda555b69409a3

  • SSDEEP

    768:CCyWqks1l/mja1fgFK2K+La+2LcGVdPNQ1tFA0JK5EIHs:flqks1l/ma1f8K2K+La+218nIHs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\kLXISTfbYJ.pyc
    • Modifies registry class
    PID:3584
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4676

Network

MITRE ATT&CK Enterprise v15
