Analysis

  • max time kernel
    175s
  • max time network
    177s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-08-2024 07:05

General

  • Target

    source_prepared.pyc

  • Size

    50KB

  • MD5

    e58da0bbef9355f009ff86bf7809cc14

  • SHA1

    9e22a02329aec26661eacbd96fbb99eba82350d2

  • SHA256

    f8539465a14dab031915858b8126a6479534d415e39b484d34cf831e6a781baa

  • SHA512

    6c7adb48263a5d50a6fdce5a3ea4dae30b6b7017610d23020f196d8b66c990b12ca7dab4997b7d5ffaeb327e9c624497fa79d7070b22eeea37936baa6ac92c56

  • SSDEEP

    768:HmIqlgJ+8L6r9RNQzJjmlTFcYb1cMpu2RFpq94WUNfAoDBU6kjJFSq:GBgQdN+ETFRpFFzAodkXz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Modifies registry class
    PID:2040
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
      "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4576
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:692
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4576-0-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-2-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-1-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-4-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-3-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-5-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

    Filesize

    64KB

  • memory/4576-6-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

    Filesize

    64KB

  • memory/4576-29-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-31-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-32-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB

  • memory/4576-30-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

    Filesize

    64KB