Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 21:56

General

  • Target

    Vapecracked_by_decends.pyc

  • Size

    44KB

  • MD5

    afb2faeba2b569735b846f69cb6ead22

  • SHA1

    a689e4e63790e6abc2d192a96c669c8efa90dd97

  • SHA256

    4ab8d7afcd37d089249ed9843ee5e39b7a888bdb8c6fb6c6b6008c6c899b42af

  • SHA512

    85ba8c076b6d83246c5f6546beb312203cdb4a511a021d26da0f5f7eeba43a572012c2245c98f8cd23ea9f53e6dafa0e101d3177728685de7a46279abe263b46

  • SSDEEP

    768:n9JW5Lk8biiNW6Qh7i2kHHvxNMHEAN/3HiPcpV3k40GQ7bhksvQZwATDlhLx3Vpb:n9JW9siATRi22vxNsEAN8kKlp7bOs27t

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Vapecracked_by_decends.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2708

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          b212f8132f895adacc150098c46ea1be

          SHA1

          36eb6a21ab9ae246de906191882c085800c30ea2

          SHA256

          fff06ef2519711620d6b04606b6aeef192005ed560e541f0254348db926bc997

          SHA512

          333e22ec5b418070555a0498f04e6f7df6460b8a9ebca508c5ee61fd5b76b38025cab985a0f209e50c247420bf3856c345caa9bbfa6f0246f265a49712c3fb23