Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
16-07-2024 19:30
General
-
Target
main.pyc
-
Size
437B
-
MD5
e3a83cc96bc468e8ed5e99b61ab1b08c
-
SHA1
fc094fba9141e8ace98cce0309e1472b2471b631
-
SHA256
893f6af6a7c380817dd8a1e5f63e72225b82c9775dc8ca40a449ed86c0427932
-
SHA512
6d629486b39cef47bd2ce9b79ff792eebee83e4bdcbb30a756aabcbce75473a732ce2f3e89f0d200a4f9dc98765ce07538a9737cd428b2b372a6d36f4e78630d
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\main.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\main.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5d64ee665f7b1a284bf1458cfae120593
SHA153de424df65953c3d1aa270b91ccc49f22cc4d0b
SHA256a4e9b41648d04a4407242c2577c6e16f33fb83000525293633e4c5ac6eb1b470
SHA5122fce11e8d7048a25184d7d4684ce28af60f3978b63d6c90fe5e3754120eae25f1084da2950c95b870095bf467ded747976c481d6173f0d8463b7cf9dd640260b