Malware Analysis Report

2025-05-05 21:21

Sample ID 240510-2tv5msed7t
Target massdm_1.exe
SHA256 275aacc2cec3ea050be9fb7aae0a2325d24fc5381152a4e667fb2f06658a0136
Tags: pyinstaller
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

275aacc2cec3ea050be9fb7aae0a2325d24fc5381152a4e667fb2f06658a0136

Threat Level: Shows suspicious behavior

The file massdm_1.exe was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 22:52

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 22:52

Reported

2024-05-10 22:55

Platform

win7-20240221-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\massdm_1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\massdm_1.exe

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

C:\Users\Admin\AppData\Local\Temp\massdm_1.exe

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21562\python39.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 22:52

Reported

2024-05-10 22:56

Platform

win10v2004-20240226-en

Max time kernel

137s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\massdm_1.exe N/A (26 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 784 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\massdm_1.exe C:\Users\Admin\AppData\Local\Temp\massdm_1.exe (2 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\massdm_1.exe

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

C:\Users\Admin\AppData\Local\Temp\massdm_1.exe

"C:\Users\Admin\AppData\Local\Temp\massdm_1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1352 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI7842\python39.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7842\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7842\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI7842\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7842\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\multidict\_multidict.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\yarl\_quoting_c.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\aiohttp\_helpers.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\aiohttp\_http_writer.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\aiohttp\_http_parser.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\aiohttp\_websocket.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\aiohttp\_frozenlist.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI7842\nacl\_sodium.pyd

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 22:52

Reported

2024-05-10 22:55

Platform

win7-20240419-en

Max time kernel

121s

Max time network

121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\massdm.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 840 wrote to memory of 2644 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe (3 identical entries)

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\massdm.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\massdm.pyc

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 22:52

Reported

2024-05-10 22:55

Platform

win10v2004-20240508-en

Max time kernel

93s

Max time network

94s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\massdm.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\massdm.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A