Analysis

  • max time kernel
    360s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-08-2024 09:02

General

  • Target
    source_prepared.pyc
  • Size
    168KB
  • MD5
    302984737b755a0c0647529e4e06a5d6
  • SHA1
    903e63cc9b56085f3cfb9765c74ee591ae845cda
  • SHA256
    3353718942012ab87f9cb1a700a744599e968993c7673ed7948667ebd5c407c5
  • SHA512
    3169fdb3a26a4df9ff308d8692accb709d50be28f6ea92f9ec1ebf7bbede0baa897be91cae65de20074b4c72798e40c7952fd30a38d331efa24035a566993f05
  • SSDEEP
    3072:sbf5aOO2UaSMS46o4PZTJ0pZXScT0wfxIvdXzusTWP:sr5aOO2UaSc6ojpUY0wfdsS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    • Filesize
      3KB
    • MD5
      4803f3d62ade66f9f51d307de0d5416f
    • SHA1
      ab96aab565a133d9a063c2182ffdb4a2722115b4
    • SHA256
      cee23bd51860008c520c42c86091d9cb8e1637e6b84229f7a5ff6bc89e2e3b37
    • SHA512
      6c94e9a7f774b6521744c798616ea80d4564af7bdb8dc56adcba9a1f8d3f241c56688f5cda6fe83314cd679c955eacace2ac0bdab667f2d1dfa78ad9786a067f