Analysis
-
max time kernel
1320s -
max time network
1143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-08-2024 17:18
Behavioral task
behavioral1
Sample
Roblox Wave Injector.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
get_cookies.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
misc.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
passwords_grabber.pyc
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
source_prepared.pyc
Resource
win10v2004-20240802-en
General
-
Target
source_prepared.pyc
-
Size
185KB
-
MD5
2238391a6ca3bc8e248650966a0caaae
-
SHA1
6fac5649bc5bcdee8ee5e39163fe7ecac0180821
-
SHA256
4e7ebb39ad91d7af1306040466a9ccb8c923932c9ead734a3d3e4a7984a693b2
-
SHA512
d92579b36d47ea3fa791a534329a4fd73084722c458d98d92373b75bf037f31497e679fed26e72ca3695488746b8d1179d1a153f9ce5efd59c396a5bf482d353
-
SSDEEP
3072:wTtkLaiI6A9MmlbJo2PEtelZN+tVZa/zqge6/qPCkn0:wTmWiILHJo28cN+7Za/zqgeqsCh
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 1028 OpenWith.exe