Resubmissions

13/07/2024, 23:11 UTC

240713-26p46asgld 8

13/07/2024, 20:33 UTC

240713-zb9h7swdpk 8

11/07/2024, 21:44 UTC

240711-1lnj6axfpd 8

11/07/2024, 21:32 UTC

240711-1d16aaxcrf 8

11/07/2024, 21:29 UTC

240711-1b5qpaxcke 8

11/07/2024, 21:25 UTC

240711-z9kmqsvcnm 8

11/07/2024, 21:22 UTC

240711-z7xvaavbrp 8

11/07/2024, 21:20 UTC

240711-z6q1cavbmj 8

11/07/2024, 21:16 UTC

240711-z4v7aawhrd 8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/07/2024, 21:25 UTC

General

  • Target

    Blank-Grabber-main/Blank Grabber/Components/loader.py

  • Size

    634B

  • MD5

    ca35548638710a32f6d4bc1a61a103c5

  • SHA1

    2703967c4376cc2e0ca20191eff97b85989d8310

  • SHA256

    e7dbfe873c719006f28e6526ef54215d7b7598bce5566734c552dab9f1f487e6

  • SHA512

    d1c0839326662b240dfa4bcea7284d261be46e9bb8b03f073e0328e361321f9cdfa740abd4541b2cdc21c806bcd901d3bc3cc36b9f7e0ee6191d189df0533061

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\Blank Grabber\Components\loader.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    f183831fe032bf2c832d2153abea2c98

    SHA1

    72d741fde9a41c4c9303464cb63b1cf7387b55e0

    SHA256

    18368777303f5b6754d0d88ba8a692db29ff8ea827645903df19111b94df91ba

    SHA512

    eaa20c19e5a15aa1e9c85c06f89239dcf695a3a2ba07004b6f903188253423d8cd772e31663ef2c3c2e04e88f63a86f419abc30a8a5912062d9ddac6bdea214c
