Analysis
-
max time kernel
67s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23/05/2024, 14:29
General
-
Target
Builder.pyc
-
Size
261KB
-
MD5
88e7c431909e81ba2277549fc723c330
-
SHA1
cb56b68d13499c3918892f4edfbe3dfaa4de68d0
-
SHA256
8a8c154099668d750b23d09c398594572501382ac28c1605d164f7b745dbf499
-
SHA512
3fc3b4a9d7ceab2b4fd8855c5b05fe9df3add797ef3fa9b44e0c7ff03162358cfd1ce356e352f7cb4a89099b3bfd6f58103b53656b856daef5d5a4aeb03dcd31
-
SSDEEP
3072:6zDI4ykuQA8BnPZ05DTvtIM/zQ8J7sdd3:ixykuL8BnPW5nFIMrQ8Jwdp
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Builder.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Builder.pyc2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4024,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3936 /prefetch:81⤵