Overview
overview
8Static
static
8New WinRAR...ve.zip
windows7-x64
1Blank-Grab...11.pyc
windows7-x64
3Blank-Grab...).tmpl
windows7-x64
3Blank-Grab...t.tmpl
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab....typed
windows7-x64
3Blank-Grab...TALLER
windows7-x64
1Blank-Grab...SE.txt
windows7-x64
1Blank-Grab...TADATA
windows7-x64
1Blank-Grab...RECORD
windows7-x64
1Blank-Grab.../WHEEL
windows7-x64
1Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...or.txt
windows7-x64
1Blank-Grab...e.spec
windows7-x64
3Blank-Grab...tivate
windows7-x64
1Blank-Grab...nk.aes
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...00.pyz
windows7-x64
3Blank-Grab...00.toc
windows7-x64
3Blank-Grab...ry.zip
windows7-x64
1Blank-Grab...s/cert
windows7-x64
1Blank-Grab...g.json
windows7-x64
3Blank-Grab...eg.key
windows7-x64
3Blank-Grab...ts.txt
windows7-x64
1Blank-Grab...on.txt
windows7-x64
1Blank-Grab...nv.cfg
windows7-x64
3Blank-Grab...ICENSE
windows7-x64
1Blank-Grab...DME.md
windows7-x64
3Blank-Grab...log.md
windows7-x64
3Analysis
-
max time kernel
118s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 22:18
Behavioral task
behavioral1
Sample
New WinRAR ZIP archive.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/PyInstaller/building/__pycache__/__init__.cpython-311.pyc
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script (dev).tmpl
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/setuptools/script.tmpl
Resource
win7-20240508-en
Behavioral task
behavioral5
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/INSTALLER
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/tinyaes-1.1.0.dist-info/LICENSE.txt
Resource
win7-20240419-en
Behavioral task
behavioral7
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/urllib3/py.typed
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/INSTALLER
Resource
win7-20240508-en
Behavioral task
behavioral9
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/LICENSE.txt
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/METADATA
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/RECORD
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/WHEEL
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel-0.43.0.dist-info/entry_points.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Blank-Grabber-main/Blank Grabber/env/Lib/site-packages/wheel/vendored/vendor.txt
Resource
win7-20240508-en
Behavioral task
behavioral15
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/Built.exe.spec
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/activate
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/blank.aes
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/Analysis-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/EXE-00.toc
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PKG-00.toc
Resource
win7-20240419-en
Behavioral task
behavioral21
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.pyz
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/PYZ-00.toc
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/build/Built.exe/base_library.zip
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/cert
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/config.json
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/rarreg.key
Resource
win7-20240508-en
Behavioral task
behavioral27
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/requirements.txt
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
Blank-Grabber-main/Blank Grabber/env/Scripts/version.txt
Resource
win7-20240215-en
Behavioral task
behavioral29
Sample
Blank-Grabber-main/Blank Grabber/env/pyvenv.cfg
Resource
win7-20240419-en
Behavioral task
behavioral30
Sample
Blank-Grabber-main/LICENSE
Resource
win7-20231129-en
Behavioral task
behavioral31
Sample
Blank-Grabber-main/README.md
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
Blank-Grabber-main/changelog.md
Resource
win7-20240508-en
General
-
Target
Blank-Grabber-main/README.md
-
Size
7KB
-
MD5
9526a8f5daab4607c86f79793ca7659d
-
SHA1
7a3d14d9f1164fd52ecbacf3cdf92fecb96bf24a
-
SHA256
4b82902e290651a98b7512e37ef56ddbd2b141301ed555e20212f3a50332dd17
-
SHA512
b794ff780e72161a98cac9ebfa50a435c9ff96e955aaf9ca8713a47ff72477fee878062331e7db4898477fd8e2d45cf4396855864fbadfb1ba96e55a8d42dc90
-
SSDEEP
192:cqHjy5Eh9CKO+Vcj54sbMvengd+fgsz6DEeCExK:cqHjy5Eh9CKhOj54xve6+5z6DEeDxK
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.md\ = "md_auto_file" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file\shell\Read rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file\shell rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.md rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file\ rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file\shell\Read\command rundll32.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\md_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2680 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2680 AcroRd32.exe 2680 AcroRd32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1908 wrote to memory of 2764 1908 cmd.exe 29 PID 1908 wrote to memory of 2764 1908 cmd.exe 29 PID 1908 wrote to memory of 2764 1908 cmd.exe 29 PID 2764 wrote to memory of 2680 2764 rundll32.exe 30 PID 2764 wrote to memory of 2680 2764 rundll32.exe 30 PID 2764 wrote to memory of 2680 2764 rundll32.exe 30 PID 2764 wrote to memory of 2680 2764 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\README.md1⤵
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\README.md2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\README.md"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2680
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5a5032baa573e2a527242333a352b29b5
SHA10b5e255f140739225fdf2f5d4177b23c5159b416
SHA256693ecf32d2d4b75419e8a2ac76ec1989336b165338686b0056bc92e2097d56d8
SHA512808e9bd3f6646b7f6392bd8a9a5aa84a09304b2f2c5f5c036a0bfad46f213ebde971646e750db79b0ce9de8401e77cca3a2927713d9c5e17e219af6f3326ea8a