32abdd2910a308d9db26293a2be62184462ed68595d369b1002a72a614bfea72

Analysis

max time kernel
0s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Components/process.py
Size

8KB
MD5

bd188d54f63b150b4ed6fad9adb37666
SHA1

f9c8d9abb5d32cbe1b7af8c2cf972dc311010919
SHA256

d4ee3542fbc2453c07b8fa9b2a36d49c46cf892dc1163ee345c6a8ef55921f0c
SHA512

991c7488806f9c5eeb342eedd769c8ad6a13b6a3cff36c76ebea3d721b75925f95add0b3dd36c596b50c8026c89ef3bdd4f268aceb859e19fc461c39d84b1119
SSDEEP

192:Etw1auOoI8I+IQI2Iz2Iym+IyIQICI0IiIgIcI6ISI+ISIKG2I0U0F+05dkIMN0E:m4iE9pV3522EQTq1o4mG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 3044	2736	cmd.exe	29
PID 2736 wrote to memory of 3044	2736	cmd.exe	29
PID 2736 wrote to memory of 3044	2736	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Components\process.py
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Components\process.py
  2⤵
  PID:3044
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Components\process.py"
    3⤵
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d1a6f2b919ac1225baa525e69862f7bb

SHA1
974a7ea4009d11e965499008a0c002d481c93172

SHA256
21c37392cf9b690bdd30e70c328bb2af679901d5a230eb4cfbc4494a99850c1f

SHA512
49f23016d62c76ff94a0ffaedd6eca6c25845d1ef020700a64d05c6694ba6933c4c08bbc5fe9e4d12ece7ae42e062fac62bb15a20eb2595c5db2876f8de373ac

Download Submit