Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-06-2024 19:51

General

  • Target

    AKUMA/__pycache__/banner.cpython-311.pyc

  • Size

    2KB

  • MD5

    fa9e7570065300ba5fcf466458bcfe99

  • SHA1

    bddfeb36f7eea22d68d5881846ead9ff2a3639da

  • SHA256

    7c2668dc55f92609c5dbbd1256e43fb7b50cf8a14262aeb9fb853d0a61aa47af

  • SHA512

    c5f4b5998f68e224a121a13779daf6a951bf6624212b5e3d3201a46701c69fce03243e061c861682d7d4be704042de9643b2eb78c7e0b2ad10be7134c69217fc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-311.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-311.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AKUMA\__pycache__\banner.cpython-311.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1028
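The process tree above shows that the sandbox never executed the submitted bytecode: the Windows 7 image has no handler registered for `.pyc`, so `cmd /c` fell through to `rundll32 shell32.dll,OpenAs_RunDLL` (the "Open with" dialog) and the file was opened in Adobe Reader as an opaque document. The signatures that follow (GetForegroundWindowSpam, SetWindowsHookEx, the Acrobat `SharedDataEvents` drop) are Reader's own behaviour, not the sample's. To learn what `banner.cpython-311.pyc` does, parse it statically. The script below is an added example, not part of this report or of the AKUMA project: it parses the 16-byte PEP 552 header, unmarshals the code object without executing it, and collects names, strings and a disassembly. The `.pyc` it analyses is constructed in-script from a stand-in source string (the real file was not examined here); the real one must be loaded under a 3.11 interpreter, because the marshal format is version-specific.

```python
"""Static triage of a CPython .pyc (added example, not from the sandbox report).

The sample .pyc below is built from a constructed stand-in source; the real
banner.cpython-311.pyc was not inspected.  marshal.loads only deserialises,
so nothing in the file is executed.
"""
import dis
import importlib.util
import io
import marshal
import struct
import types
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PYC_MAGIC_311 = 3495  # CPython 3.11 magic; files start with b"\xa7\r\r\n"


@dataclass
class PycHeader:
    magic: int                    # first two magic bytes as little-endian int
    flags: int                    # PEP 552: bit0 = hash-based, bit1 = check_source
    mtime: Optional[int]          # timestamp-based pyc only
    source_size: Optional[int]    # timestamp-based pyc only
    source_hash: Optional[bytes]  # hash-based pyc only (8-byte SipHash of source)


def magic_bytes(magic: int) -> bytes:
    """On-disk form of a magic number, handy for grepping unknown blobs."""
    return struct.pack("<H", magic) + b"\r\n"


def parse_pyc(blob: bytes) -> Tuple[PycHeader, types.CodeType]:
    """Parse the 3.7+ 16-byte header and unmarshal the module code object.

    Run this under the interpreter matching the magic (3.11 for the report's
    file): marshal's layout of code objects differs between versions.
    """
    if len(blob) < 16:
        raise ValueError("too short to be a .pyc")
    if blob[2:4] != b"\r\n":
        raise ValueError("bad magic trailer; not a CPython .pyc")
    magic = struct.unpack_from("<H", blob, 0)[0]
    flags = struct.unpack_from("<I", blob, 4)[0]
    if flags & 1:
        header = PycHeader(magic, flags, None, None, blob[8:16])
    else:
        mtime, size = struct.unpack_from("<II", blob, 8)
        header = PycHeader(magic, flags, mtime, size, None)
    code = marshal.loads(blob[16:])
    if not isinstance(code, types.CodeType):
        raise ValueError("payload is not a code object")
    return header, code


def magic_matches_running(header: PycHeader) -> bool:
    """True if the running interpreter wrote/reads this marshal format."""
    running = struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])[0]
    return header.magic == running


def triage(code: types.CodeType) -> Dict[str, List[str]]:
    """Names and string constants from the module and every nested code
    object (functions, classes, comprehensions); nothing is executed."""
    names, strings = set(), []
    stack = [code]
    while stack:
        c = stack.pop()
        names.update(c.co_names)
        for const in c.co_consts:
            if isinstance(const, types.CodeType):
                stack.append(const)
            elif isinstance(const, str):
                strings.append(const)
    return {"names": sorted(names), "strings": strings}


def disassemble(code: types.CodeType) -> str:
    buf = io.StringIO()
    dis.dis(code, file=buf)
    return buf.getvalue()


# Constructed stand-in for banner.py; not the real module's source.
SAMPLE_SOURCE = (
    "import os\n"
    "BANNER = 'AKUMA'\n"
    "def show():\n"
    "    print(BANNER, os.getcwd())\n"
)


def build_sample_pyc(source: str = SAMPLE_SOURCE) -> bytes:
    """Constructed timestamp-based .pyc for the running interpreter."""
    code = compile(source, "banner.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 1718999460, len(source))
    return header + marshal.dumps(code)


if __name__ == "__main__":
    hdr, code = parse_pyc(build_sample_pyc())
    print(hdr, "matches running interpreter:", magic_matches_running(hdr))
    print(triage(code))
    print(disassemble(code))
```

Against the real sample, replace `build_sample_pyc()` with the file's bytes and run under Python 3.11; `magic_matches_running` will tell you immediately if you picked the wrong interpreter. `triage()` gives the imports, attribute names and strings to pivot on, and `disassemble()` the control flow, all without ever giving the bytecode a chance to run.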

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    137197bd7a63a2df38a1bd1487270c9c

    SHA1

    e57ee8f943f5ecfb6e2c987db59edfc7f16baa9d

    SHA256

    870bfafa285ccfb913155d0aaa06116360ab4902cd114732af6972789b6775a4

    SHA512

    ab237750bf0f474a86d1edf603c0274a76a4258c57a8c6e965a8ff9ee9ba1254b3a120137a9a0bbb5039fec51ae082ae40a712a38ab792b07ee68f2cc6158daf