Analysis
max time kernel: 16s
max time network: 17s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 19-06-2024 00:32
Behavioral tasks
task         sample                           resource
behavioral1  GHUBGEN_[unknowncheats.me]_.zip  win10-20240404-en
behavioral2  Gen.exe                          win10-20240404-en
behavioral3  main.pyc                         win10-20240404-en
behavioral4  How To.txt                       win10-20240611-en
behavioral5  base.lua                         win10-20240404-en
General
Target: main.pyc
Size: 3KB
MD5: 7eb1b7bff244913ab902cc7ce85f1c79
SHA1: 1f6682ed28052617a9977c19c410262ba83985fb
SHA256: 7dde036283c0bf884512b7f04c9dbbe48849d797e6fb79f6f732ca0a19d112bd
SHA512: aaa1856c89b7d3cdb530f54494f8af1498f81b3b46a614fe421ab52c8909ff1ce7e705c4d261d7270138cf9328b43bad6f4c7de8ec837823355833a704623d04
Malware Config
(none)

Signatures

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description  ioc                                                                                   process
Key created  \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings  cmd.exe
Key created  \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings  OpenWith.exe
Suspicious use of SetWindowsHookEx (1 IoC)
Processes: OpenWith.exe
pid   process
4484  OpenWith.exe