Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
22-05-2024 22:18
General
-
Target
Blank-Grabber-main/Blank Grabber/env/pyvenv.cfg
-
Size
352B
-
MD5
ec0d5904fa80fff763302201a5fa3b67
-
SHA1
b864792c2aea2bf3e9c62bb6546fbee3b50a2b7b
-
SHA256
e5d6e27e5a050e960d3f7adb56a7de4458d448c858ef0a9843315fd3a0c15279
-
SHA512
46e7fa0a42e53db96cf277703e9df47b406987ea94b298d9ae1c5cb4511c8f462a19746e77393a0ed196ca2a1864212e137343bfb8521ea41b686f4de6270956
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\pyvenv.cfg"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\pyvenv.cfg2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\env\pyvenv.cfg"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD578e0499405126ac2116b80720aa481bc
SHA1c14f8b218917ce4c09c169bc4d013ff624193f36
SHA256ff692fe61299119ff1e5d02627c89e821ea06f95df5295ce73aca98137b0b794
SHA512f12efaaba1da42cac97dbc83dbdc0cdbaca007b1ccb943c6d8bbf4181229984a7ee569bf71c390b46173fc20afa5c719802192724ac54a0c338ff95573638685