Resubmissions

13-07-2024 18:55

240713-xk64bstakj 10

13-07-2024 18:50

240713-xg3xhavfjb 10

Analysis

  • max time kernel
    93s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-de
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-de, locale:de-de, os:windows10-2004-x64, system, windows
  • submitted
    13-07-2024 18:50

General

  • Target

    25af3ae9f4ebe5413b0ca1080b69b0ca.pcap

  • Size

    43KB

  • MD5

    ed2d60fd26b288dce7252aed44d9c6a4

  • SHA1

    26c3ee08fc7adc95072a82942d915f359809f294

  • SHA256

    81f7ecbf724f7d43bd6e067c8a072032baf7260ef368bc417036c4f0c0a5c20a

  • SHA512

    84bde1d9fdb2fcd21f465cd4e542336ef92a9cd3a46093d6679d90e087dbc0dd2b50bd9b67c9c0fb00c1d1019772654a62a7d38b0e6cd96915234d827d0a54fa

  • SSDEEP

    768:nfOFfO1fOgfOtwVv+Oh+OJ+Oc+OtpfHpAaVqo:+JV9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\25af3ae9f4ebe5413b0ca1080b69b0ca.pcap
    • Modifies registry class
    PID:2868
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1568

Network

MITRE ATT&CK Enterprise v15
