Resubmissions

07-06-2024 16:57

240607-vf8p9abc8s 10

07-06-2024 16:47

240607-vag1cacc65 10

07-06-2024 06:24

240607-g52rcaag9t 10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-06-2024 06:24

General

  • Target

    TR4SH.pyc

  • Size

    48KB

  • MD5

    7668979f3a8e3bfb1f6606af4ab81628

  • SHA1

    eb5637b1be97af8da3f323008be971eeb2bab6e7

  • SHA256

    4eb471cb563f610e15443009a2cf93f0dde6e151ab0e05acfab67563e40cadbc

  • SHA512

    78be9b5759530ca7d6e6dd484b6fdda4751126e6eefbc6d5f879a7b9a5d745200fc21799bc7021e170f53db91fd8c0ad4b2f9a5c47b4ee0f330f77d3ef4b03bc

  • SSDEEP

    768:pxu+/nZtgH7+96XVYVxc8X+9xkIsmzw2QqCBpJS68CZxmtreQM3lU0XnW6z:fW+yVicjjTw2QqCjJJatK93BXnWW

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TR4SH.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TR4SH.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TR4SH.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2792

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    75f700b3e1ba35c53617fcfa83321720

    SHA1

    33df8e23f3a34ae1afaa9bcae7c638f87a5fb341

    SHA256

    9887b980bc98ab7e736181669c421c78ae83af944c82563ea4e196f3d55f6897

    SHA512

    19768e36fce797a32f8ae81f3965b07ebd9f3fdbffa8f1e7c9f4623e1789acb3352f9d5c2c4472be29760f3483572fbbcb9b42cf814b18b3f1fd7e7952ed1aca