Overview
overview
8Static
static
8New WinRAR...ve.zip
windows7-x64
1Blank-Grab...11.pyc
windows7-x64
3Blank-Grab...).tmpl
windows7-x64
3Blank-Grab...t.tmpl
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab....typed
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab...TADATA
windows7-x64
1Blank-Grab...RECORD
windows7-x64
1Blank-Grab.../WHEEL
windows7-x64
1Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...or.txt
windows7-x64
1Blank-Grab...e.spec
windows7-x64
3Blank-Grab...tivate
windows7-x64
1Blank-Grab...nk.aes
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.pyz
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...ry.zip
windows7-x64
1Blank-Grab...s/cert
windows7-x64
1Blank-Grab...g.json
windows7-x64
3Blank-Grab...eg.key
windows7-x64
3Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...on.txt
windows7-x64
1Blank-Grab...nv.cfg
windows7-x64
3Blank-Grab...ICENSE
windows7-x64
1Blank-Grab...DME.md
windows7-x64
3Blank-Grab...log.md
windows7-x64
3Analysis
-
max time kernel
121s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 22:18
Behavioral task
behavioral1
Sample
New WinRAR ZIP archive.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/PyInstaller/building/__pycache__/__init__.cpython-311.pyc
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script (dev).tmpl
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script.tmpl
Resource
win7-20240508-en
Behavioral task
behavioral5
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/INSTALLER
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/LICENSE.txt
Resource
win7-20240419-en
Behavioral task
behavioral7
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/urllib3/py.typed
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/INSTALLER
Resource
win7-20240508-en
Behavioral task
behavioral9
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/LICENSE.txt
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/METADATA
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/RECORD
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/WHEEL
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/entry_points.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel/vendored/vendor.txt
Resource
win7-20240508-en
Behavioral task
behavioral15
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/Built.exe.spec
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/activate
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/blank.aes
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/Analysis-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/EXE-00.toc
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PKG-00.toc
Resource
win7-20240419-en
Behavioral task
behavioral21
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.pyz
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/base_library.zip
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/cert
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/config.json
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/rarreg.key
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/requirements.txt
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/version.txt
Resource
win7-20240215-en
Behavioral task
behavioral29
Sample
Blank-Grabber-main/Blank Grabber/env/pyvenv.cfg
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
Blank-Grabber-main/LICENSE
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
Blank-Grabber-main/README.md
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
Blank-Grabber-main/changelog.md
Resource
win7-20240508-en
General
-
Target
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/EXE-00.toc
-
Size
7KB
-
MD5
30596a29f03d87d270b956114a18422d
-
SHA1
db876db8b526429bf04b54de6049acc82dc1e797
-
SHA256
2679130c5ed2105602791fb425f7707c15686f9449212edeaab7aa7ffb1d366e
-
SHA512
31198a584973c53a784ed6a59cbc086652c41020a6e3eae2118b078bf2b2acf2d6e6987535d5dcd97d6bdac2ad7623052ea4a8693a0a723a0338e3bebb279c43
-
SSDEEP
192:9lIQMelpgLvsExuwTiXFelbAD0+sMk+ftf6Tbh:9lvMebgLvsYErS
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\.toc rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\.toc\ = "toc_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\toc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2780 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2780 AcroRd32.exe 2780 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2840 wrote to memory of 2696 2840 cmd.exe 29 PID 2840 wrote to memory of 2696 2840 cmd.exe 29 PID 2840 wrote to memory of 2696 2840 cmd.exe 29 PID 2696 wrote to memory of 2780 2696 rundll32.exe 30 PID 2696 wrote to memory of 2780 2696 rundll32.exe 30 PID 2696 wrote to memory of 2780 2696 rundll32.exe 30 PID 2696 wrote to memory of 2780 2696 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\EXE-00.toc"1⤵
- Suspicious use of WriteProcessMemory
PID:2840 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\EXE-00.toc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\EXE-00.toc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2780
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD54fae65fad10aad31796581e37e73883f
SHA10d2de57dca25fcd7951e916438ad31d3347dfca5
SHA2569cd02cc24571cd869cdad2b36cd5caf39fd3ccbb81c96c48619a7a65c310b272
SHA512ca2af6bee915e29a1b17ae512a036b43045c24e34383322c50f0ceb3847362d5d268c2e11a7862f97f2d887bfeb7b86fdd1e3eb5db06356047e4ab0970312f90