Analysis
max time kernel: 34s
max time network: 36s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-07-2024 17:48
Behavioral tasks
behavioral1: sample ELETRON.CRACKED.exe, resource win7-20240708-en
behavioral2: sample ELETRON.CRACKED.exe, resource win10v2004-20240709-en
behavioral3: sample Stub.pyc, resource win7-20240708-en
behavioral4: sample Stub.pyc, resource win10v2004-20240709-en
General
Target: Stub.pyc
Size: 876KB
MD5: 8d73a00dc0d7ea318824901e48f02921
SHA1: a83ce61825286f0908f64d9d1fab3c007edb7039
SHA256: 874d3b1ae43cb4597adb6b4cd4b77621a840263463191e2e34342677003c69cb
SHA512: 7823abe9bddc5a45a34b2c404dae8f9f4bf628d5a18afeea84a83b6048e935ddc595cb7b9e00fad45dc7d382f8f55c9d6b84a268a8008ee712d727340c079eed
SSDEEP: 12288:RgWsi7/5Wlwoh852L3ctRrO++Lc7QlmKPfYcNXzz:Ii7/5Wqoh8YzX3fYct
Malware Config
(none extracted)

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\PhishingFilter | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 27e19a5343d2da01 | iexplore.exe
Modifies Internet Explorer settings (signature heading missing from the report; the entries below are the IoCs listed under it)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\GPU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{6DA30097-4789-11EF-9D1F-E662F882523E} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings | OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2736 | OpenWith.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3184 | iexplore.exe

Suspicious use of SetWindowsHookEx 41 IoCs
pid | Process
2736 | OpenWith.exe (37 of the 41 entries)
3184 | iexplore.exe (2 entries)
3324 | IEXPLORE.EXE (2 entries)

Suspicious use of WriteProcessMemory 5 IoCs
description | pid | Process | procid_target
PID 2736 wrote to memory of 3184 | 2736 | OpenWith.exe | 96
PID 2736 wrote to memory of 3184 | 2736 | OpenWith.exe | 96
PID 3184 wrote to memory of 3324 | 3184 | iexplore.exe | 98
PID 3184 wrote to memory of 3324 | 3184 | iexplore.exe | 98
PID 3184 wrote to memory of 3324 | 3184 | iexplore.exe | 98
Processes (indentation shows the parent/child tree)

C:\Windows\system32\cmd.exe
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
  - Modifies registry class
  PID:1000

C:\Windows\system32\OpenWith.exe
  command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736

  C:\Program Files\Internet Explorer\iexplore.exe
    command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    - Modifies Internet Explorer Phishing Filter
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3184

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3184 CREDAT:17410 /prefetch:2
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID:3324