Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/06/2024, 16:40
General
-
Target
CollapseLoader-1.2.5/collapse/utils/Selector.py
-
Size
2KB
-
MD5
2bd0e988912c7918c9ac211c8de121da
-
SHA1
f8470357718d9455013138382644ebf18c3d45c4
-
SHA256
91fbd9fbcf53c393c367d828cb51c438ff7bb81083d78d5ba690b989afb7f294
-
SHA512
551182495586bcdac56d5f90ba160c94bacdf61130f76fcbfd2f871f2e1f1a9f332ef984bf240603784cefed50e06ca38083477388e4b6131f65f14af0be35c4
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CollapseLoader-1.2.5\collapse\utils\Selector.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5685eb56b843fd5a30d5bfc003a324738
SHA154dd7e29dea628f5de184993e1dfc46c8ab19c20
SHA2563f06a8832e13c0e4992d749f53550b8a84dca4791dcbc3545c9f804fb2fdae8f
SHA512c1bd76e4c30e194494b086a2baafbfb7b1ead69ce4c3a1125bd181c50d17b732fd1453bd00a2d083e77c7688107f6a204f60503407733e333a0be2928d449508