Overview

overview

7

Static

static

3

AIMr.exe

windows7-x64

7

AIMr.exe

windows10-2004-x64

7

autopy.pyc

windows7-x64

3

autopy.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autopy.pyc

  • Size

    5KB

  • MD5

    996ba99e569817ce1a8f2a5d88c58781

  • SHA1

    33c135c089ba155ae43072a318b15af0ec6fa681

  • SHA256

    dcc1b90c7a6eab4a6f5abc62d8390fe327f7a51a792c143c6983d0e293fbfcb1

  • SHA512

    305e41e5337f55c93b3f6a478293da2b1273b15ee34f19013237f1bee3794ddd3518d6af51797fea06e94d3416a9dfc7485038e15258170ac08e1ea3fbc5d12c

  • SSDEEP

    96:Y5rM+1hU5zSPCTHafPmgpj6vsbjOPikrn+yxfL9uXL/MtG:6M+1hUYaTHaX1pj60bjOPXn+yxfLUXLh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\autopy.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\autopy.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\autopy.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1932

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4e4ed9ba2b40e6bc5878dd5ebd942821

    SHA1

    dadbfc5da18b0009e3819703e5467b214b263c68

    SHA256

    1c1b2fe52a12b517f13eb58e3ae12001e7010ef6de82864d0b23aebd28f9ae4f

    SHA512

    43bf7f815cd04da62e98f1157d67e93fb3e26f74c309aced8e140b2d3d0ef74c615caa98b6683358767321f032d1ee3d0587654bfaae74623a88d2675052251e

    Download Submit