dc4ee6889fa196e9e80f59f9a07ff69aa7dd19d6e0fadac8a7556b73431c532f

Analysis

max time kernel
615s
max time network
1611s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07/07/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader-o.pyc
Size

104B
MD5

e25772901e4bdf1e73aee4d9be3daff1
SHA1

b3808c1b077d390f225edae8a741d77d876c66c4
SHA256

a69f40736e3d5bf7764a4e3eaa12f1152f48e44de795ca5a9659d988beb8ce63
SHA512

f75aad258dd0a2516a8fc0bcfb18b8ea7c51a2b81bc36fe6e697f1f5ab1c485775f8d503878097b9f5eefee28f2f0d0499b695689d845909983615b136e6aac1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2148	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\loader-o.pyc
1⤵
- Modifies registry class
PID:2304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...