Resubmissions

03/05/2024, 20:03

240503-ysqa8aeb6z 10

Analysis

  • max time kernel
    1562s
  • max time network
    1569s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/05/2024, 20:03

General

  • Target

    depot_228990/MFGW.app/Contents/Resources/lib/python3.9/ctypes/_endian.pyc

  • Size

    1KB

  • MD5

    e6e1dc6904af00815b0b5bf7a2905492

  • SHA1

    536b3deb0c3a9767fe3b6537238cd3b6574ca913

  • SHA256

    0a058d339541434ba823568dc3147d588610d9fca8c495a94cef613ea02ddcf6

  • SHA512

    e1d1440461f80574ff80df356453add4fc25dcade8ca9d3a2becb01cc61dab2a8db8de89802008ea4cd34f9986a582f2603c66ab0eb6aed518fbd164e8ba1bb6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\depot_228990\MFGW.app\Contents\Resources\lib\python3.9\ctypes\_endian.pyc
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\depot_228990\MFGW.app\Contents\Resources\lib\python3.9\ctypes\_endian.pyc
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\depot_228990\MFGW.app\Contents\Resources\lib\python3.9\ctypes\_endian.pyc"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    700c302311eeecfe66cbd002bbab89f1

    SHA1

    6abfa0431a13dd3dd08d000b761f45fb5f62d27a

    SHA256

    b4e64d9cd6bed8ad0f697e96e73836bf476385b37fb257850bb6c1cd7dc3cb63

    SHA512

    790a28f01d74cefb9846d51c2e37afa209445ca9d6a7c5b4c345e00ca0167fcc899f80390b4d777f3101ae7009edbccaa74a6aaa1de62674137931a3aebab8a5