Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01-06-2024 13:54

General

  • Target

    decompiler for malware/Grabbers-Deobfuscator-main/utils/deobfuscation.py

  • Size

    2KB

  • MD5

    1c8aa7595dfdeb287c7dd57e7a67b71a

  • SHA1

    f724297b4405e425bbe0888a6ebf3be3b99ded70

  • SHA256

    74db49437d60d5cbb6299c02c42bb496dd65a2b3f0b9fc51c2cebb54d9177ccb

  • SHA512

    8f23e1bb13654f8588b6d3700ef469ea141d4a4abaa76005e941ee1c8dbc75425c7e6880248964b88f3c94d4714f62cf623ca01869d03fcec52b78f3b4ddb67a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\utils\deobfuscation.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\utils\deobfuscation.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\decompiler for malware\Grabbers-Deobfuscator-main\utils\deobfuscation.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    22c3f087fdd9a1031c5aa30985be54eb

    SHA1

    f0385818cbb6340af27dd4977ece4dde1fddeff8

    SHA256

    0eac9358d43f49b7c8d5cac64db61904a090925869f4b42ad827ddeae24583a8

    SHA512

    58b175d6987237d30f6ff4465f205d16adacbf0334cae5a493e2592a17b38103909c1866039616f1afe4b4bf66aaa1fe4fe9596e308f2768f3f3213faafa2e8c