Overview

overview

7

Static

static

3

Visual V.3...V3.txt

windows7-x64

1

Visual V.3...V3.txt

windows10-2004-x64

1

Visual V.3/README.txt

windows7-x64

1

Visual V.3/README.txt

windows10-2004-x64

1

Visual V.3...V3.exe

windows7-x64

7

Visual V.3...V3.exe

windows10-2004-x64

7

eee.pyc

windows7-x64

3

eee.pyc

windows10-2004-x64

3

Visual V.3...on top

windows7-x64

1

Visual V.3...on top

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eee.pyc

  • Size

    10KB

  • MD5

    3c4c0a0f1a28e0bac74cf7325805411b

  • SHA1

    a5cd404eea0ec988531c13dbb46090b21a5b3b86

  • SHA256

    41a9ca2619456563ca7368c78ba5e49991b20ae024fd8e2423397afebdc88bd7

  • SHA512

    7cb7cc571ce3012cb00a5f7a36216a666dc80e44c336bf05dc70d6a509c472eb3b77c8041cccc20fd1c9eb1b1334a8e3911566b7290a0e617dfddd72a5fe1dce

  • SSDEEP

    192:YsxwIW+ybEgKflN7qToSvduxEJCpCi44WSCLLR+:YKg+ybmooWbaR44WSqR+

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\eee.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\eee.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eee.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    d3146769baaa60f520923ec9ce8a644d

    SHA1

    0d7517e86c9011886a0bc3b8d942cbd497c62402

    SHA256

    d24883eaa8d9475014e4ebea4485d34e4ef855c54572d6079186316a20a7972c

    SHA512

    661421668d895b1efe58b010ae6646e026b357b221e30607b027cca06b8fa8f36937e5a9e7f5393064903e5e86825b936fe94d89013b7cbd55a1d7f147943634

    Download Submit