Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 13:54

General

  • Target

    decompiler for malware/Grabbers-Deobfuscator-main/deobf.py

  • Size

    6KB

  • MD5

    95a87ab36477b9ddb04e1a8de347b88b

  • SHA1

    030928f4e8ef389eed7add5d53d7b6ede3208aa1

  • SHA256

    1ba5cfee353c0dcca44b739868d6e90a9cfa8436fbb5cfa4dbdaf03e8e9fc5eb

  • SHA512

    69bb8691ba371ce2faea4f2a5079c05c6694eb2e353f7dad9ff29d0ccd0ccd7597d08ae119b70d6c1173b92a317c10aeb84fe738a489634272a7df5cef342917

  • SSDEEP

    96:AbzxTlCdC+JU8H7s6pd9rng/mpVt/NSMA8RixUb8RisEP5fAoKqRqhp9:AhZ8bvBgmpHTrBsRqRip9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2512
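The tree above is worth reading before trusting the score. `cmd /c` was handed a `.py` file, the Windows 7 image has no registered handler for that extension, so the shell fell back to `shell32.dll,OpenAs_RunDLL` (the "Open With" dialog), which in turn launched Adobe Reader on the text file. Every signature in this report is attached to rundll32 (PID 2556) or AcroRd32 (PID 2512); no Python interpreter ever ran `deobf.py`, so the 3/10 reflects Reader's behaviour, not the script's. The following is an added example (not part of the sandbox report or its tooling) that automates that check: it takes a process list transcribed from the Processes section, plus a constructed counter-example where a Python interpreter did run the file, and reports whether the submitted sample was executed by an interpreter appropriate for its extension or was merely passed along via the Open With fallback. The interpreter table and the `OpenAs_RunDLL` marker are this example's own assumptions.

```python
"""Did the submitted sample actually execute in the sandbox?

Added example, not the sandbox's code. REPORT_PROCESSES is transcribed from the
report's Processes section; RAN_UNDER_PYTHON is a constructed counter-example.
Which images count as interpreters, and which command-line marker indicates the
shell's "Open With" fallback, are assumptions made for this illustration.
"""
import ntpath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"

# Transcribed from the report: (pid, parent pid, command line).
REPORT_PROCESSES = [
    {"pid": 2772, "ppid": None,
     "cmd": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"'},
    {"pid": 2556, "ppid": 2772,
     "cmd": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py'},
    {"pid": 2512, "ppid": 2556,
     "cmd": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"'},
]

# Constructed counter-example (hypothetical): the same file run by a Python interpreter.
RAN_UNDER_PYTHON = [
    {"pid": 1000, "ppid": None,
     "cmd": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"'},
    {"pid": 1004, "ppid": 1000,
     "cmd": r'"C:\Python27\python.exe" "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\deobf.py"'},
]

# Assumption: images that legitimately execute a file with the given extension.
INTERPRETERS = {
    ".py": {"python.exe", "pythonw.exe", "py.exe", "pyw.exe"},
    ".ps1": {"powershell.exe", "pwsh.exe"},
    ".js": {"wscript.exe", "cscript.exe", "node.exe"},
    ".vbs": {"wscript.exe", "cscript.exe"},
    ".bat": {"cmd.exe"},
    ".cmd": {"cmd.exe"},
}

# Assumption: substring that marks the shell's "Open With" dialog fallback.
OPEN_WITH_MARKER = "openas_rundll"


def image_name(cmdline):
    """Lower-cased basename of the executable at the start of a Windows command line.

    Handles a quoted path ("C:\\...\\x.exe" args) and a bare name (cmd /c ...);
    a bare name without an extension is normalised to name.exe.
    """
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        exe = s[1:end] if end > 0 else s[1:]
    else:
        exe = s.split(None, 1)[0]
    name = ntpath.basename(exe).lower()
    return name if name.endswith(".exe") else name + ".exe"


def triage(processes, sample):
    """Classify how the sample was handled.

    Walks the process list in order, collects every image that received the
    sample path on its command line, and decides whether one of them is an
    interpreter for the sample's extension.
    """
    ext = ntpath.splitext(sample)[1].lower()
    expected = INTERPRETERS.get(ext, set())
    handlers = []  # images given the sample path, in process order
    open_with = False
    for p in processes:
        cmd = p["cmd"]
        if OPEN_WITH_MARKER in cmd.lower():
            open_with = True
        if sample.lower() in cmd.lower():
            handlers.append(image_name(cmd))
    executed_by = [h for h in handlers if h in expected]
    if executed_by:
        verdict = "executed"
    elif open_with:
        verdict = "not executed: no handler for %s, shell fell back to Open With" % ext
    else:
        verdict = "unclear: no interpreter for %s seen on the command line" % ext
    return {
        "extension": ext,
        "handlers": handlers,
        "final_handler": handlers[-1] if handlers else None,
        "executed_by": executed_by,
        "open_with_fallback": open_with,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, procs in (("report", REPORT_PROCESSES), ("python run", RAN_UNDER_PYTHON)):
        r = triage(procs, SAMPLE)
        print("%-10s final handler=%s verdict=%s" % (label, r["final_handler"], r["verdict"]))
```

For the report's own tree this returns `final_handler == "acrord32.exe"` with an empty `executed_by` list and the Open With fallback flagged, which is the cue to resubmit the sample on an image that has a Python interpreter installed (or to run it as `python deobf.py` rather than as a double-click) before reading anything into the signatures.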

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ab1f4136fb88305b9923b2892f7111ce

    SHA1

    273e11522f5f2b5e7f9d53ee5e0906090dcf6891

    SHA256

    aac22fea6ed8418ebabdca9c974c88d1d4cecf3ce4f9e89a086d3d53d0417b40

    SHA512

    4639ce946697ef7896700ccea8890b0699b1e6b6134293d2c526a1917cb6be0263a76f81f43ede4419d339aee1e8e1af60fa8cd57e239bed33a2f26336dbd80b