Overview
overview
8Static
static
8New WinRAR...ve.zip
windows7-x64
1Blank-Grab...11.pyc
windows7-x64
3Blank-Grab...).tmpl
windows7-x64
3Blank-Grab...t.tmpl
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab....typed
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab...TADATA
windows7-x64
1Blank-Grab...RECORD
windows7-x64
1Blank-Grab.../WHEEL
windows7-x64
1Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...or.txt
windows7-x64
1Blank-Grab...e.spec
windows7-x64
3Blank-Grab...tivate
windows7-x64
1Blank-Grab...nk.aes
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.pyz
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...ry.zip
windows7-x64
1Blank-Grab...s/cert
windows7-x64
1Blank-Grab...g.json
windows7-x64
3Blank-Grab...eg.key
windows7-x64
3Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...on.txt
windows7-x64
1Blank-Grab...nv.cfg
windows7-x64
3Blank-Grab...ICENSE
windows7-x64
1Blank-Grab...DME.md
windows7-x64
3Blank-Grab...log.md
windows7-x64
3Analysis
-
max time kernel
122s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 22:18
Behavioral task
behavioral1
Sample
New WinRAR ZIP archive.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/PyInstaller/building/__pycache__/__init__.cpython-311.pyc
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script (dev).tmpl
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script.tmpl
Resource
win7-20240508-en
Behavioral task
behavioral5
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/INSTALLER
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/LICENSE.txt
Resource
win7-20240419-en
Behavioral task
behavioral7
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/urllib3/py.typed
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/INSTALLER
Resource
win7-20240508-en
Behavioral task
behavioral9
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/LICENSE.txt
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/METADATA
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/RECORD
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/WHEEL
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/entry_points.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel/vendored/vendor.txt
Resource
win7-20240508-en
Behavioral task
behavioral15
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/Built.exe.spec
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/activate
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/blank.aes
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/Analysis-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/EXE-00.toc
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PKG-00.toc
Resource
win7-20240419-en
Behavioral task
behavioral21
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.pyz
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/base_library.zip
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/cert
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/config.json
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/rarreg.key
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/requirements.txt
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/version.txt
Resource
win7-20240215-en
Behavioral task
behavioral29
Sample
Blank-Grabber-main/Blank Grabber/env/pyvenv.cfg
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
Blank-Grabber-main/LICENSE
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
Blank-Grabber-main/README.md
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
Blank-Grabber-main/changelog.md
Resource
win7-20240508-en
General
-
Target
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.pyz
-
Size
1.6MB
-
MD5
f64a698c05e1400327179d88aaa3ce02
-
SHA1
bf21c6eba63829084e2ea14d540a7817bb56a7e5
-
SHA256
a8ad1a6d1aefa1536addb6bf6f6b900d3d6ff1c2e11d764ee726653d2036b760
-
SHA512
2472c397ad0d3623f84bbed19f178b3ec9d99dc8e2b1d5797267bc44a6ee5613890be7153f789740b4daef32605af007fe1b6f95a9e407654a2f60e4c03d24f8
-
SSDEEP
24576:kozI+9DvSCJRCMmYyOJTAVpaQ+OlkA0pXB9pU8LBVUf1zAbz/jlplIUxakjg:RzHvLJR9JTSQ380XBfU8LLo1WjFxf0
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file\ rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyz\ = "pyz_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyz rundll32.exe Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyz_auto_file\shell rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2380 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2380 AcroRd32.exe 2380 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2460 wrote to memory of 2704 2460 cmd.exe 29 PID 2460 wrote to memory of 2704 2460 cmd.exe 29 PID 2460 wrote to memory of 2704 2460 cmd.exe 29 PID 2704 wrote to memory of 2380 2704 rundll32.exe 30 PID 2704 wrote to memory of 2380 2704 rundll32.exe 30 PID 2704 wrote to memory of 2380 2704 rundll32.exe 30 PID 2704 wrote to memory of 2380 2704 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\PYZ-00.pyz"1⤵
- Suspicious use of WriteProcessMemory
PID:2460 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\PYZ-00.pyz2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2704 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\Scripts\build\Built.exe\PYZ-00.pyz"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2380
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD558b759c7d4a03c3f3b1abb57a1e41d14
SHA1dde6d5282cfb4d75c30f57bc44e5614d4d9e3392
SHA2562e82e91f2339f37d2923b73745dd9ec1f5f9e9858c0eb17844970e6ec371ed20
SHA512d9229f7d42d23ac5c31234f8e1037180f8b3aaa580249ac508d2f4741a5334d727dad328bb85c55aacd127e03183a907fcafa02ac5dcc0a4e5a5d238192eede5