Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2024 16:55

General

  • Target

    source_prepared.pyc

  • Size

    173KB

  • MD5

    6b78e612c1890a9b4d5d2ef65aba915e

  • SHA1

    32be2fddae71d6db013e456477bda45253fa914b

  • SHA256

    64e3d2880a27d913b02d026f5f227ed0875d265eef0139b5e5a6749632f013da

  • SHA512

    7e0cb34715c1b7b5036cf844c2121162638a43d511ada265e1608ae0b87292d573c60a41610cfa1b15b9b9b68d5e90f84e55902e61e87ab4be7d82a7862842bb

  • SSDEEP

    3072:jrdhk0aOO22A1VSUkosPZTJ0pZyScWaQV+AcwIvdXz/sTWu:jr/k0aOO22ApkoHpL9EAosP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:588
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1496
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    6aed38e53fa10c9f491df210982ecd3f

    SHA1

    a7be72b2943bfbac13b549b15bca0da8ac63e73b

    SHA256

    02bbaa85697e1d6918cc05c6d1ad921c862f97defec134f23930741e56c605a9

    SHA512

    b5274c90f41fb82fd5f274b86875cf566ee02086f6bfeb5f5f6fd41011b45218c37ca2c59f102c75b36c7d1a688ea9af9a0e9a450ff90e85c3b88fc5a3f78fa9