Resubmissions
01/05/2024, 17:15
240501-vshplaeb67 701/05/2024, 17:06
240501-vmhgmsea62 701/05/2024, 17:01
240501-vjj63abf9w 701/05/2024, 17:00
240501-vh914adh82 301/05/2024, 16:59
240501-vhhxlsdh69 7Analysis
-
max time kernel
388s -
max time network
362s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
01/05/2024, 17:15
General
-
Target
AmongUs-Cheat.pyc
-
Size
69KB
-
MD5
fb942aafb09f2c768e27fba5460ffcda
-
SHA1
0f5ab31a93a66f7c9160e76fa2126027f89ed987
-
SHA256
114f92f159dd6defdda66707812cb320102c7357595179f61507ef5d79f133d7
-
SHA512
7c7b5d20b520ab6241ec2934547349947586abd5cc14ebf27e7cf4345856c4936aba246c26379c13ac9cc0f57a46320e3471bb7033fd2f8e608886019b30ca75
-
SSDEEP
768:ufAIw3n7BMMM8v82TwIvmLRmbp3oXTx2VatZA7iUIgxyniAnjOynrX6D7Ln:uI3nlM9mFwxyIgxynvaMrM
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\AmongUs-Cheat.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\AmongUs-Cheat.pyc2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2804 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:81⤵