Analysis
max time kernel: 52s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 03:10
Behavioral tasks
behavioral1: Sample main.exe, Resource win7-20240508-en, 0 signatures, 150 seconds
behavioral2: Sample main.exe, Resource win10v2004-20240508-en, 0 signatures, 150 seconds
behavioral3: Sample main.pyc, Resource win7-20240215-en, 5 signatures, 150 seconds
behavioral4: Sample main.pyc, Resource win10v2004-20240226-en, 4 signatures, 150 seconds
General
Target: main.pyc
Size: 1KB
MD5: 5841878eab75458d427a4a0081b02da6
SHA1: 3203cb889cdcde645a0d7c190be0893432c8b08b
SHA256: 7609504c4b2ea3bc876ee65fe0863a5e06903885a20975b918b26d9209ff2c7b
SHA512: 00aea1f568249a9f97698c73567d7f30a0d2a64f5f352480ad27c4bf81158410ba6023df84e7fe10a2007568f2e6d7dc46359134ce542d2c5ed3f39100084a38
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
3448 | OpenWith.exe

Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
3448 | OpenWith.exe (13 identical entries)
Processes

C:\Windows\system32\cmd.exe
command line: cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
- Modifies registry class
PID: 1528

C:\Windows\system32\OpenWith.exe
command line: C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
PID: 5060