Overview

overview

7

Static

static

3

Bloody/LAUNCHER.exe

windows10-2004-x64

7

Bloody/LAUNCHER.exe

windows11-21h2-x64

7

Bloody/dec...ode.py

windows10-2004-x64

3

Bloody/dec...ode.py

windows11-21h2-x64

3

Bloody/modules.bat

windows10-2004-x64

1

Bloody/modules.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bloody/decrypted_code.py

  • Size

    11KB

  • MD5

    a59a8764c6b62560e17425281b8bffed

  • SHA1

    f8aae1ee5363576d551c0c9bca9306bd0cb87602

  • SHA256

    a3732d5989dc420ee1fbb6154e7e13d12846658b46bf94d41d89035e4e0079b6

  • SHA512

    a632361dea587c97fc58ac95b747393aea06cd3269571a396c972771a9eaa3d2c57d17ea251014ff8696d0abd721bdace402cbf93bbbf50c48dd927e5d763f3b

  • SSDEEP

    192:ryj2/9pH5KirBZOst95d39g7ay6AhoeYgc0T30VpsF:2jJafdtgnxoeRTh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Bloody\decrypted_code.py
    1⤵
    • Modifies registry class
    PID:3076
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads