Overview
overview
8Static
static
8New WinRAR...ve.zip
windows7-x64
1Blank-Grab...11.pyc
windows7-x64
3Blank-Grab...).tmpl
windows7-x64
3Blank-Grab...t.tmpl
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab....typed
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab...TADATA
windows7-x64
1Blank-Grab...RECORD
windows7-x64
1Blank-Grab.../WHEEL
windows7-x64
1Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...or.txt
windows7-x64
1Blank-Grab...e.spec
windows7-x64
3Blank-Grab...tivate
windows7-x64
1Blank-Grab...nk.aes
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.pyz
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...ry.zip
windows7-x64
1Blank-Grab...s/cert
windows7-x64
1Blank-Grab...g.json
windows7-x64
3Blank-Grab...eg.key
windows7-x64
3Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...on.txt
windows7-x64
1Blank-Grab...nv.cfg
windows7-x64
3Blank-Grab...ICENSE
windows7-x64
1Blank-Grab...DME.md
windows7-x64
3Blank-Grab...log.md
windows7-x64
3Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 22:18
Behavioral task
behavioral1
Sample
New WinRAR ZIP archive.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/PyInstaller/building/__pycache__/__init__.cpython-311.pyc
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script (dev).tmpl
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script.tmpl
Resource
win7-20240508-en
Behavioral task
behavioral5
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/INSTALLER
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/LICENSE.txt
Resource
win7-20240419-en
Behavioral task
behavioral7
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/urllib3/py.typed
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/INSTALLER
Resource
win7-20240508-en
Behavioral task
behavioral9
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/LICENSE.txt
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/METADATA
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/RECORD
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/WHEEL
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/entry_points.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel/vendored/vendor.txt
Resource
win7-20240508-en
Behavioral task
behavioral15
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/Built.exe.spec
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/activate
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/blank.aes
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/Analysis-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/EXE-00.toc
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PKG-00.toc
Resource
win7-20240419-en
Behavioral task
behavioral21
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.pyz
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/base_library.zip
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/cert
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/config.json
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/rarreg.key
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/requirements.txt
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/version.txt
Resource
win7-20240215-en
Behavioral task
behavioral29
Sample
Blank-Grabber-main/Blank Grabber/env/pyvenv.cfg
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
Blank-Grabber-main/LICENSE
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
Blank-Grabber-main/README.md
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
Blank-Grabber-main/changelog.md
Resource
win7-20240508-en
General
-
Target
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/Analysis-00.toc
-
Size
25KB
-
MD5
67e0e46b74732b0dd2d371ffe86fdca7
-
SHA1
21ca34f533dcd30c59517a205d31a212ee0184b1
-
SHA256
24f17db07acffed58bca943a295bb76d344930c257aa668adcf9966a039e17f4
-
SHA512
300b799316ef6aa7abea3f2208931b88dad79351764dde3ff19aa89435731429a29a830af177e6c277e1ac81c317798881ea0dba823dcbfd1a901e1f25c4209b
-
SSDEEP
192:anRk7se9bP6mG9tf878KrlXm04dKrlLcR5n1vDlbgDJk5JhGFyNh8481tf1y/qM/:aSQhYDVEoC5n98VbENL
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\toc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.toc rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.toc\ = "toc_auto_file" rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2988 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2988 AcroRd32.exe 2988 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2180 wrote to memory of 2532 2180 cmd.exe 29 PID 2180 wrote to memory of 2532 2180 cmd.exe 29 PID 2180 wrote to memory of 2532 2180 cmd.exe 29 PID 2532 wrote to memory of 2988 2532 rundll32.exe 30 PID 2532 wrote to memory of 2988 2532 rundll32.exe 30 PID 2532 wrote to memory of 2988 2532 rundll32.exe 30 PID 2532 wrote to memory of 2988 2532 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\Analysis-00.toc"1⤵
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\Analysis-00.toc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2532 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\Analysis-00.toc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2988
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD54335927fb925176d6f6acd341a9bfb0d
SHA176cd3182dd3f0ec4569e14a432f09fd90fb7d8dd
SHA2566c5b7b0d5f3898505a0a3ae7d20a6ca7a718b2ce9b834159615ebd31187aac0e
SHA512aaa7c5e1168626209b3eb7cd5a73fae1b06e0a4a9df06b365266f04b61eaa7085764ac101d2c1697907ecdd1c66ce128d276dce892d3707181a63ec31a5f9636