Resubmissions

  • 13/07/2024, 23:11 UTC    240713-26p46asgld 8
  • 13/07/2024, 20:33 UTC    240713-zb9h7swdpk 8
  • 11/07/2024, 21:44 UTC    240711-1lnj6axfpd 8
  • 11/07/2024, 21:32 UTC    240711-1d16aaxcrf 8
  • 11/07/2024, 21:29 UTC    240711-1b5qpaxcke 8
  • 11/07/2024, 21:25 UTC    240711-z9kmqsvcnm 8
  • 11/07/2024, 21:22 UTC    240711-z7xvaavbrp 8
  • 11/07/2024, 21:20 UTC    240711-z6q1cavbmj 8
  • 11/07/2024, 21:16 UTC    240711-z4v7aawhrd 8

Analysis

  • max time kernel: 426s
  • max time network: 441s
  • platform: windows11-21h2_x64
  • resource: win11-20240709-en
  • resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 13/07/2024, 23:11 UTC

General

  • Target: Blank-Grabber-main/grabb/Components/postprocess.py
  • Size: 2KB
  • MD5: bbed9f3d87c4927b2b2bc16a6ec4da51
  • SHA1: c3bceb8a6fb5207abc75039e5a66afbf8324cd8f
  • SHA256: 72eefc2defd861c48721f235717a0f8de430ea8f2bc290b429cfbdc906ba539c
  • SHA512: 352cd87d379e0a338d44f3933b6b135a36ebe83607157dfe28330ec2c03c6b2bcbbb2d43b1a06487675eea662c76084b3f9777f5b8d0c9132d50869318fc3c78

Score
3/10

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 1704)
    cmd /c C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\grabb\Components\postprocess.py
    Signatures: Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 4040)
    C:\Windows\system32\OpenWith.exe -Embedding
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

Note (editorial inference from the process tree above, not a sandbox verdict): no Python interpreter appears anywhere in the tree. cmd.exe handed the .py path to the shell's file association, and the only other process recorded is OpenWith.exe, the host for the "How do you want to open this file?" dialog that Windows launches when no handler is registered for the extension. The script body therefore most likely never ran in this environment, which is consistent with the low score and the lack of any extracted configuration. To observe what postprocess.py actually does, the sample would need to be rerun on an image with a Python interpreter installed, or launched through one explicitly (for example `python postprocess.py`).

Network

  • DNS (server country: US)
    Remote address: 8.8.8.8:53
    Request: 21.236.111.52.in-addr.arpa IN PTR
    Response: (none recorded)
  • DNS (server country: US)
    Remote address: 8.8.8.8:53
    Request: 27.73.42.20.in-addr.arpa IN PTR
    Response: (none recorded)

  Flow summary
  • 8.8.8.8:53 (dns), first query 21.236.111.52.in-addr.arpa: 142 B sent, 314 B received, 2 packets each way
    DNS requests: 21.236.111.52.in-addr.arpa, 27.73.42.20.in-addr.arpa
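As an added example (not part of this report and not code from the Blank-Grabber project), a small Python triage helper that works on records copied from the Processes and Network sections above. It decides from the process tree whether the .py target was ever handed to a script interpreter, and it decodes the reverse-lookup (PTR) names back into the IP addresses that were being resolved, which is what an analyst wants when pivoting on the network activity. The interpreter list, the verdict labels and the regular expression for script paths are this example's own assumptions, not something the sandbox defines.

```python
"""Triage helpers for a sandbox process tree and its DNS activity.

Added example; the process records and query names below are copied from
the report, everything else (interpreter list, verdict labels) is an assumption.
"""
import ipaddress
import re

# Assumption: a .py target only "ran" if one of these images appears in the tree.
SCRIPT_INTERPRETERS = {"python.exe", "python3.exe", "pythonw.exe", "py.exe"}
# Assumption: a whitespace-free token ending in .py/.pyw is the script being launched.
SCRIPT_RE = re.compile(r"\S+\.pyw?(?=\s|$)", re.IGNORECASE)

# Constructed from the report's Processes section.
PROCESSES = [
    {"image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\Blank-Grabber-main\grabb\Components\postprocess.py",
     "pid": 1704},
    {"image": r"C:\Windows\system32\OpenWith.exe",
     "cmdline": r"C:\Windows\system32\OpenWith.exe -Embedding",
     "pid": 4040},
]

# Constructed from the report's Network section.
DNS_REQUESTS = ["21.236.111.52.in-addr.arpa", "27.73.42.20.in-addr.arpa"]


def script_targets(processes):
    """Return the script paths that any process command line tried to launch."""
    found = []
    for proc in processes:
        for match in SCRIPT_RE.finditer(proc["cmdline"]):
            found.append(match.group(0))
    return found


def script_execution_status(processes):
    """Classify whether a launched script reached an interpreter.

    'executed'     - an interpreter image is present in the tree
    'no-handler'   - a script was launched but only OpenWith.exe followed,
                     i.e. Windows had no association for the extension
    'launched'     - a script was launched; the tree does not show what handled it
    'not-launched' - no script path appears in any command line
    """
    interpreter_seen = False
    openwith_seen = False
    for proc in processes:
        image = proc["image"].rsplit("\\", 1)[-1].lower()
        if image in SCRIPT_INTERPRETERS:
            interpreter_seen = True
        if image == "openwith.exe":
            openwith_seen = True
    launched = bool(script_targets(processes))
    if interpreter_seen:
        return "executed"
    if launched and openwith_seen:
        return "no-handler"
    if launched:
        return "launched"
    return "not-launched"


def ptr_to_ip(name):
    """Decode a reverse-lookup name (in-addr.arpa or ip6.arpa) to its address.

    '21.236.111.52.in-addr.arpa' -> '52.111.236.21'.  Raises ValueError for
    anything that is not a well-formed PTR name.
    """
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError(f"expected 4 octets in {name!r}")
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"expected 32 nibbles in {name!r}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError(f"not a PTR name: {name!r}")


def decode_dns_requests(requests):
    """Map every PTR query name in the report to the IP it asked about."""
    return {query: ptr_to_ip(query) for query in requests}


if __name__ == "__main__":
    print("script targets :", script_targets(PROCESSES))
    print("execution      :", script_execution_status(PROCESSES))
    for query, ip in decode_dns_requests(DNS_REQUESTS).items():
        print(f"{query:32} -> {ip}")
```

The decoded addresses are the ones the guest tried to name, not anything the sample contacted; a reverse lookup for an address that appears in no outbound flow is typically OS or sandbox background traffic, which is why the "no-handler" verdict matters more here than the DNS entries.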

MITRE ATT&CK Enterprise v15
