Analysis
max time kernel: 24s
max time network: 27s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-06-2024 19:00
Behavioral tasks
- behavioral1: Sample adam.exe, Resource win10v2004-20240508-en, 0 signatures, 150 seconds
- behavioral2: Sample adam.exe, Resource win11-20240508-en, 0 signatures, 150 seconds
- behavioral3: Sample adam.pyc, Resource win10v2004-20240508-en, 4 signatures, 150 seconds
- behavioral4: Sample adam.pyc, Resource win11-20240508-en, 3 signatures, 150 seconds
General
Target: adam.pyc
Size: 598B
MD5: d5fb3b8596c6a39686c627029eb3ad12
SHA1: 4fdccf24d01ec4737720558df4d98e62329c142e
SHA256: e9bc1a68423dd053505b173dacf5076d3a92d606cc01ba79d75a4d4cde327c7c
SHA512: 67ccf52eb31b9bd80996076b2463f496b06e90d407229ab68572685dd0733f248c1178f3deca1b5126c6a0bf54fee3db0c26e36da4ce50e0a713fb979dbbaa7c
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  Description | IoC | Process
  Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: OpenWith.exe
  PID | Process
  4648 | OpenWith.exe
- Suspicious use of SetWindowsHookEx (15 IoCs)
  Processes: OpenWith.exe
  PID | Process
  4648 | OpenWith.exe (15 occurrences)
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\adam.pyc
  PID: 2320
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4648
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx