Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
30-05-2024 15:42
General
-
Target
blum_complete_edition.pyc
-
Size
2KB
-
MD5
65ad8d8e2f24c00f9640edf844d8a4db
-
SHA1
d46854245a1b8c2c07b4be7d38cd7900454582ca
-
SHA256
1ead030b24b701e879f538a96c8f71ea744602822bdf01b34fb35676fa5fff1c
-
SHA512
1df4ee5c4b95dceb1d84c3a2c43822f3a9d3a181f75da7d23cb3bd207dcc942730ecb807f9c7e7d18c78662036430742f3e372af6d11dff6b399eb3ac06b1bb5
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\blum_complete_edition.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\blum_complete_edition.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\blum_complete_edition.pyc"3⤵
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD53c5304d777bb98bf512cc311003769ed
SHA1d00c8324da7534a5d68955fe3569eb92bf6ba528
SHA256ddc1055f8de66c1a7c485df57a9d7c4cd8a873556008c011a18379266aa6da68
SHA512f17e5d1631d403f9403d92643d5cacb8b77ae58b426a2bb8c93993e470c282d6f5ad9bfc6d278bc02d8fbbd9831eb7346977429a1944bd653876aa0f5b3052cc