Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
28-06-2024 02:46
General
-
Target
test.py
-
Size
303B
-
MD5
aa0f6e45f3d6dba2285aa8b25f25d76a
-
SHA1
733b9bee1dd681c2483b9a4fc49807f4f5078409
-
SHA256
0781e37b2eab2ac1e940617d98cda0a8dcfc4c0fc8e09196b978ea9b18af255a
-
SHA512
26d3e84704393e57068ccdd7b6a88ef54334c20827d1a3cca3408927341a6c9043c424cf4ab18c1ac0b1207ec646c53257a979f7068896919d006d0340bceead
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\test.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\test.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\test.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5a817a2f2911b13fe63aaaedefc28baff
SHA1ea58353cd6262a5d7a574b87fcafaaa7e438e704
SHA2566b6163e6790b2814e7071e3e26d3e553d16b1669956108264c28f49a714b093d
SHA512f598762c78160e7f5c904611e813465fbeb1649a3f379399619a3353505f082bda5d36718d167bd1d349be5176b2122d338a6d2177f60e1e8313367fbd89f5d8