Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-05-2024 04:20
General
-
Target
hit.pyc
-
Size
39KB
-
MD5
ac1255f08377c1f99ae8ad3aa11cc125
-
SHA1
ce753f5e9901974ff12f93d2d1e15a2e8b4fe4ce
-
SHA256
a8de917bafd139eef00f547143494870955d602bf29c9e22420b81aab07548a6
-
SHA512
19780f4d3f5761ddc038fc2a68a623d2be82f7ba5fb3f173871a3bdea5bf91e06332411564e63058018b93277a40c8e91c327ed46fba92839b90d791c0fd0eaa
-
SSDEEP
768:X1cOh3bNIIq/chxAb5vl7mFkR9XXZA5NhgZ5S3:XxrNEETA7mwC5Nh+I3
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\hit.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\hit.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\hit.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5fae83a1f11835b33898fa0b30cd94146
SHA1daf4f00d1cbd5ac8d4f07a8494b2aeaffb8f1e56
SHA256131f93851e8448033dc4b47b6ddf3c9076e5b9fd54481e4264d285a35c4d91b8
SHA5122bd9436a2ea0bb1cf7a9814bdee83a8aeb4871a551f0af2c73358c9884c4706bb3711f174b1f4e4300cb4e32a70f8017b190b7d3097a5c717674ca1cbcaa6480