Overview

overview

7

Static

static

3

main.exe

windows7-x64

7

main.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.pyc

  • Size

    236KB

  • MD5

    b556c0ceb922f05fc2c7ae553c4e3e90

  • SHA1

    1fdcd5200868bc4e7ad6fbb572093e89ba884221

  • SHA256

    7b54bb942f54af4e9120aea53a65f18ba88b4a87eca5783715c3527ad9f3123b

  • SHA512

    d50bfae40ff4ea0b2821e22fa08db2acb1871e046aa96594ca2993fd3711f0a208f41a19ccfedfca0bf0a44a4a6b5e0521ea753cc982767775a1646e007bcc53

  • SSDEEP

    6144:+oKfcTTTTTJTTTJov4JOh6GF+qH+gfKOdx1cs9ZIs0E:+DcTTTTTJTTTJolfbEOdfcs9ZIs0E

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\main.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\main.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2460

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    64bd7484b30fefc408cc756a88265822

    SHA1

    36ed78ede8e06c60d82983843e7aeac627cc03e1

    SHA256

    f39c6920c68a7703023e1cf89a6898d5644189d65ffbc8aab2b82c91b240fe51

    SHA512

    520624a6ba493f8d590ac53963645b05dd1025fc08169fb473dd8726e05fdbcb4d5956a308365b2c7b9b930c2d3d1f0067447a879aa1d81f8ac8357150a389ab

    Download Submit