Overview

overview

7

Static

static

3

TeddyPcFiles.rar

windows7-x64

3

TeddyPcFil...n).exe

windows7-x64

7

TeddyPcApi...ts.pyc

windows7-x64

3

main.pyc

windows7-x64

3

TeddyPcFil...g.json

windows7-x64

3

TeddyPcFil...b.json

windows7-x64

3

Resubmissions

02-08-2024 17:05

240802-vlzpjaxbrd 7

02-08-2024 17:02

240802-vj9fyssbrr 7

Analysis

  • max time kernel
    52s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TeddyPcFiles.rar

  • Size

    15.0MB

  • MD5

    fbe70824eab9c5a596384ffeca5858b9

  • SHA1

    7da37b0839d96c8442e2680ca197eee357c65de6

  • SHA256

    6fa8356f35968afc15ecb036d17e197dfc310fcd5a42fa952183bd4b5a37fc36

  • SHA512

    c11fd2c598199370d61989ab8b21ac6fa8c067ae15bfc2f98bdb0915ae6d43df80ac511169f5abb7d5a384a6527cdac060cd034773df2723791f7a1ee5b00ef5

  • SSDEEP

    196608:NvsTyJvgyfFvTi5PrYeaDTgT/QSpMDJuMQg6u/LrBD+KbOInvx8T7vA9BhKM8n:knGcEea3+/ZpCJAYDfOAu7qTKh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:284
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2928
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2908
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1728

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/284-24-0x0000000003F50000-0x0000000003F60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2908-33-0x000007FEF4B80000-0x000007FEF4BB4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2908-32-0x000000013FE50000-0x000000013FF48000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2908-35-0x000007FEF4770000-0x000007FEF4788000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2908-40-0x000007FEF46D0000-0x000007FEF46ED000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2908-39-0x000007FEF46F0000-0x000007FEF4701000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-38-0x000007FEF4710000-0x000007FEF4727000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2908-37-0x000007FEF4730000-0x000007FEF4741000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-36-0x000007FEF4750000-0x000007FEF4767000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2908-34-0x000007FEF48C0000-0x000007FEF4B76000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2908-41-0x000007FEF46B0000-0x000007FEF46C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-58-0x000007FEF30C0000-0x000007FEF30E8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2908-42-0x000007FEF3600000-0x000007FEF46B0000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/2908-57-0x000007FEF30F0000-0x000007FEF3147000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2908-60-0x000007FEF3070000-0x000007FEF3088000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2908-62-0x000007FEF3020000-0x000007FEF3031000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-63-0x000007FEF3000000-0x000007FEF3012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2908-61-0x000007FEF3040000-0x000007FEF3063000-memory.dmp

      Filesize

      140KB

      Download

    • memory/2908-59-0x000007FEF3090000-0x000007FEF30B4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2908-56-0x000007FEF3150000-0x000007FEF3161000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-55-0x000007FEF3170000-0x000007FEF31EC000-memory.dmp

      Filesize

      496KB

      Download

    • memory/2908-54-0x000007FEF31F0000-0x000007FEF3257000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2908-53-0x000007FEF3260000-0x000007FEF3290000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2908-52-0x000007FEF3290000-0x000007FEF32A8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2908-51-0x000007FEF32B0000-0x000007FEF32C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-50-0x000007FEF32D0000-0x000007FEF32EB000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2908-49-0x000007FEF32F0000-0x000007FEF3301000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-48-0x000007FEF3310000-0x000007FEF3321000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-47-0x000007FEF3330000-0x000007FEF3341000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2908-46-0x000007FEF3350000-0x000007FEF3368000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2908-45-0x000007FEF3370000-0x000007FEF3391000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2908-44-0x000007FEF33A0000-0x000007FEF33E1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/2908-43-0x000007FEF33F0000-0x000007FEF35FB000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2908-76-0x000007FEF48C0000-0x000007FEF4B76000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2908-75-0x000007FEF4B80000-0x000007FEF4BB4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2908-74-0x000000013FE50000-0x000000013FF48000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2908-77-0x000007FEF3600000-0x000007FEF46B0000-memory.dmp

      Filesize

      16.7MB

      Download