2e980d28c6be548d0a56d93996707332786fa014ea2cae481dd38375a7e6d4ae

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

guardian2.pyc
Size

2KB
MD5

d9ddbc3982e67e6e29fdfa9b7ed45782
SHA1

a30e91632c73e7c3f835942f68fee399a8772e90
SHA256

82a38bfbdcd5849a43e0df271ca056be1395cd5265a4f7c58d7d6e40b8bd7152
SHA512

4ee1baee0c20c0f1761bc928016e718b2167bbfbf66762ced4755375eff0e539df0ca6c47cd91876c72e18639c7ea5eb1e311b3f2186053c9145336499a01b2b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

rundll32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings rundll32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

2056 rundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	rundll32.exe

pid	process
2056	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1888 wrote to memory of 2056	1888	cmd.exe	rundll32.exe
PID 1888 wrote to memory of 2056	1888	cmd.exe	rundll32.exe
PID 1888 wrote to memory of 2056	1888	cmd.exe	rundll32.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\guardian2.pyc
1⤵
- Suspicious use of WriteProcessMemory
PID:1888

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\guardian2.pyc
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2056

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads