Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/06/2024, 16:40 UTC

General

  • Target

    CollapseLoader-1.2.5/collapse/utils/Selector.py

  • Size

    2KB

  • MD5

    2bd0e988912c7918c9ac211c8de121da

  • SHA1

    f8470357718d9455013138382644ebf18c3d45c4

  • SHA256

    91fbd9fbcf53c393c367d828cb51c438ff7bb81083d78d5ba690b989afb7f294

  • SHA512

    551182495586bcdac56d5f90ba160c94bacdf61130f76fcbfd2f871f2e1f1a9f332ef984bf240603784cefed50e06ca38083477388e4b6131f65f14af0be35c4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2520
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2448

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    685eb56b843fd5a30d5bfc003a324738

    SHA1

    54dd7e29dea628f5de184993e1dfc46c8ab19c20

    SHA256

    3f06a8832e13c0e4992d749f53550b8a84dca4791dcbc3545c9f804fb2fdae8f

    SHA512

    c1bd76e4c30e194494b086a2baafbfb7b1ead69ce4c3a1125bd181c50d17b732fd1453bd00a2d083e77c7688107f6a204f60503407733e333a0be2928d449508
