Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 13:54

General

  • Target

    decompiler for malware/Grabbers-Deobfuscator-main/methods/luna.py

  • Size

    628B

  • MD5

    4dc7c6571eed771eb45ab42fa8f0d99d

  • SHA1

    c294ac5dfbbffb249ab374a401e1ab6e7e7f8ee2

  • SHA256

    25d160d57794eedd7af90d815a508e78bec72cc418b5e0720c51f4499d6bdeb8

  • SHA512

    a1073f0dd0d0ce2e0aa8b0d03f2ce0302c20439d51d90c3c0f5ae2c8154253e10c09a8dced9f355d6508014a69311bce02c1d5c18ad97b6b53089d0ddbd9cdc8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\methods\luna.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\methods\luna.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\methods\luna.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    bffa72203655fdb18e7e271291613987

    SHA1

    9752a3f664bbd13d0786559160508d444cf12009

    SHA256

    4f473e61efbf71a54b18ad77ae9187832463aa37d2503f5cc5125f07a73f5243

    SHA512

    164897d3257480b23fadc24bcf79e0112fdfa88e6c0ef7f16b7c3d235302c13c14602bdce03e95cdb0201f924651ca5b993177075fba1f34387da3e991e11747