Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-06-2024 19:51

General

  • Target

    AKUMA/__pycache__/banner.cpython-310.pyc

  • Size

    2KB

  • MD5

    90f3489c56e68d63f746b6accc9099b4

  • SHA1

    9d57a1dc340abf5e7d1dd9a86248f2571557d92d

  • SHA256

    3c223da173090ea9041f9d9a030164cc17cdb09b301899eff6f39ce4d4a60952

  • SHA512

    2d63df71b00d28b2ac81e0e154026d7dba1a84a032884296b6aa46fa1b02bd49b91109c2adbab7d7bd8544c57ff162b9ecf9134b0aebebc6bae2b7b13dd8f787

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-310.pyc
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-310.pyc
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-310.pyc"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4a3d03cbd75c7771588194237ade82eb

    SHA1

    791c714b3fd1d79fdae104bcf45e7339e4751c92

    SHA256

    9ed643b4545ae0bf99683dcd7458bd9633263d534a16fb9fe08701b709f4356d

    SHA512

    15033843a854346bd6cfd2ebe9f49d2d834a5da16079a34d9e5206859c2b525171b5d48182c1f9a752ff2d4e7f1656c180864810bc99483df401df36b18e6a10