Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
15-06-2024 18:48
General
-
Target
Main.pyc
-
Size
11KB
-
MD5
682f537e54a60970a766baa692492a3a
-
SHA1
d58b0f770fb54691468e053035f772eed373bfe6
-
SHA256
37c57cc323026c8d58a5b5223edf383abb59fb3fde87649f1f68f26591ab438b
-
SHA512
47c77d4ba29733760bd5b05a59b8f060a4d032424b3cfdb8bf11a602221c2aacfa1e3c5a8c5affb991a27f63dd657cc75116994fcf6ede9fd841b5029a07f28e
-
SSDEEP
192:qyP30RtMRJ6HsYJ9TUcg+gwlbKqaBhOXx0R021voSEzs1i11111N1111bPQdgd:1kRtogz9Acg+goKTh8x0RxvoSEWi1111
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Main.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Main.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Main.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD58fdb3c82bcd5e24bfc32c098035fddf3
SHA159b5011bdd6a179434824769bb10929b73fce98c
SHA256e7d9f7f6de838fdbc77f813ec24b0748693682020e90cb11a841c2c1de95db62
SHA512bd607bfaad7c4a541d14400278911f05499759c7cd515baa04c1accbc6c782177c382de144554d5ba06919d1320d0157c7931d8de89d05d7f95672aadb5f38c1