Overview

overview

7

Static

static

3

zumext.exe

windows10-2004-x64

7

dauth.pyc

windows10-2004-x64

3

Resubmissions

02/08/2024, 16:29

240802-tzbzys1ejp 7

Analysis

  • max time kernel
    23s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    02/08/2024, 16:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dauth.pyc

  • Size

    8KB

  • MD5

    37243c13c1776a2ff70e615de9421dc0

  • SHA1

    fa6a6cb92dd614bdf53fdf46a0e8baeffeba8696

  • SHA256

    176663533861af125b5173a076d960cbf9856835770360c4a2caf7edb70fbe15

  • SHA512

    d938399e7ee0c5d2962a420c40a9c2e00220503322d226518654f313e65841434e45da5ede3daa864d68c3f82e8b9fcb4df024f45f56b659d4342bb053ada752

  • SSDEEP

    192:cVstv5M0UQFqCiDY0+q7IKQMW9vsJbWEc:AEheZU7KQ9vsJbI

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 12 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 37 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dauth.pyc
    1⤵
    • Modifies registry class
    PID:3680
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\dauth.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads