Resubmissions

14-06-2024 13:16

240614-qhxzbawckn 7

14-06-2024 13:06

240614-qcfg3ssamd 4

Analysis

  • max time kernel
    597s
  • max time network
    618s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2024 13:16

General

  • Target

    tools/python3/Lib/warnings.py

  • Size

    21KB

  • MD5

    65664338acfad3643546f47f9c15424f

  • SHA1

    54005fb46bc0794fd494923612ac045e87a8994a

  • SHA256

    19a0d2ac72f85e58883c641daf7f3b4fef381fcb80b6980e874e9dbf942614d0

  • SHA512

    3d35bc6177cc50ea12c54c143cbd539a96ca337d1fb144011f34b1eeb3909f3ec61a7538de8517fb21f0eab84946922e0062f527c67d1516cade71d701a4a2e0

  • SSDEEP

    384:VIGjFGnRqmpRXDAr9aue6QkedNr/voix0BWSvs31I:VI4GnRqmUkQiOBDs31I

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\tools\python3\Lib\warnings.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\tools\python3\Lib\warnings.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\tools\python3\Lib\warnings.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    c7103ee540d2473536a31cdb930fbb5a

    SHA1

    a69ac6e09bfedaa1fe702dfc6fb0851f97eb683a

    SHA256

    8ceabfca492a9afb8f0fae035a91a917b4432a5a52dd6f6d25f6b0d39bd3c9a0

    SHA512

    7d6f4c1d8793b23b88b39db8da6be447809682de9fc464bbb6fcae0f93aaedd0434f6cf652f582e045bdfa502d818f8a3ddcf13a0864ab840b6de2ddad33e14c