Overview

overview

8

Static

static

1

Loader.exe

windows7-x64

7

Loader.exe

windows10-2004-x64

8

Builder.pyc

windows7-x64

3

Builder.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    88s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Builder.pyc

  • Size

    261KB

  • MD5

    88e7c431909e81ba2277549fc723c330

  • SHA1

    cb56b68d13499c3918892f4edfbe3dfaa4de68d0

  • SHA256

    8a8c154099668d750b23d09c398594572501382ac28c1605d164f7b745dbf499

  • SHA512

    3fc3b4a9d7ceab2b4fd8855c5b05fe9df3add797ef3fa9b44e0c7ff03162358cfd1ce356e352f7cb4a89099b3bfd6f58103b53656b856daef5d5a4aeb03dcd31

  • SSDEEP

    3072:6zDI4ykuQA8BnPZ05DTvtIM/zQ8J7sdd3:ixykuL8BnPW5nFIMrQ8Jwdp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Builder.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Builder.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Builder.pyc"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    cad7c438c2ca97ad198a4d0de41450a5

    SHA1

    039d5518715285b72dcd0490f21042ca3ca931bb

    SHA256

    8ff8d85ab087d2a01e99e4366c97c021b3f2683112aec7673d5265ff44836150

    SHA512

    66643f4f20da46d268b3f1425bed73b72e8eed74ba8114f566c3ee28180c5d140413e32389cc353c48f83c56c956e9c5a2d71dc52f9e11721d53d42e49405372

    Download Submit