Overview

overview

3

Static

static

1

spam.py

windows7-x64

3

spam.py

windows10-2004-x64

3

Resubmissions

06-05-2024 02:28

240506-cx7keaha56 3

05-05-2024 16:21

240505-ttq7pahh66 3

19-04-2024 07:38

240419-jgrycach9z 3

19-04-2024 01:30

240419-bwyensdh4w 3

18-04-2024 07:41

240418-jjd49sfa88 3

18-04-2024 04:35

240418-e73ejsbb94 3

Analysis

  • max time kernel
    388s
  • max time network
    390s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-05-2024 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    spam.py

  • Size

    744B

  • MD5

    d269a9d5a48340bf230519dd91d176ef

  • SHA1

    f7f7d9d6eb820f89ddb3a00294961fe17e821af8

  • SHA256

    1774c1fb572214f8ab4b5c710d65456442a33c94f249d9ad65284e8c0f55569f

  • SHA512

    f45c3385e373635ebf9336f95c35493e17973e61d74b4144935b5b24c2d07c43dbcfc7c302b76250cac3ab5172b4ba5c29d409d85d4fe33d0a7640b74ec6d789

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\spam.py
    1⤵
    • Modifies registry class
    PID:4476
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3772
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4928
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3312
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\spam.py
        2⤵
        • Opens file in notepad (likely ransom note)
        PID:4416
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Users\Admin\AppData\Local\Temp\python.exe
        python spam.py
        2⤵
          PID:4684

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\spam.py
        Filesize

        746B

        MD5

        7df458fb61b4037c619350072787d36f

        SHA1

        6244ac61db30a335fce8532553b6081fd338cb26

        SHA256

        84a9212cc61cb2fa59c653d499e09d8e5e6c5ec17579fa05d4a5ac14cf8b66e9

        SHA512

        07edc92ccaf17cdb2583203436c54221182b5e42c4688a164061b639feaf4eeda0a5001ad565912b9d1f25c5b4b4a293b956ed4a21e0b570d1e347363994d620

        Download Submit