Overview

overview

10

Static

static

3

sunny_executer.exe

windows10-2004-x64

10

sunny_executer.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 12:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    sunny_executer.pyc

  • Size

    3KB

  • MD5

    1c3340e535cac3c0e61bd19c583c57ed

  • SHA1

    a3d396fd5c1607fd1d47348540b1d9d732a8cbf6

  • SHA256

    a5fadc6f87e7789f051375c89b4abfb3c92acc4d69c2691f574e3c6dfac0017d

  • SHA512

    db6e6fd306338ebe4808417bb7d5a1008780e5268bebdf45b8f1dc870344bc69cbce31fcb4ac8e772a5a525ddd8a649f3476c95c681a8689f8337f9ba76db541

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sunny_executer.pyc
    1⤵
    • Modifies registry class
    PID:3664
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\sunny_executer.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:316

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads