Overview

overview

7

Static

static

3

TeddyPcFiles.rar

windows7-x64

3

TeddyPcFil...n).exe

windows7-x64

7

TeddyPcApi...ts.pyc

windows7-x64

3

main.pyc

windows7-x64

3

TeddyPcFil...g.json

windows7-x64

3

TeddyPcFil...b.json

windows7-x64

3

Resubmissions

02-08-2024 17:05

240802-vlzpjaxbrd 7

02-08-2024 17:02

240802-vj9fyssbrr 7

Analysis

  • max time kernel
    83s
  • max time network
    85s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 17:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TeddyPcFiles.rar

  • Size

    15.0MB

  • MD5

    fbe70824eab9c5a596384ffeca5858b9

  • SHA1

    7da37b0839d96c8442e2680ca197eee357c65de6

  • SHA256

    6fa8356f35968afc15ecb036d17e197dfc310fcd5a42fa952183bd4b5a37fc36

  • SHA512

    c11fd2c598199370d61989ab8b21ac6fa8c067ae15bfc2f98bdb0915ae6d43df80ac511169f5abb7d5a384a6527cdac060cd034773df2723791f7a1ee5b00ef5

  • SSDEEP

    196608:NvsTyJvgyfFvTi5PrYeaDTgT/QSpMDJuMQg6u/LrBD+KbOInvx8T7vA9BhKM8n:knGcEea3+/ZpCJAYDfOAu7qTKh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar
      2⤵
      • Modifies registry class
      PID:2932
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads