Resubmissions

05/08/2024, 12:12

240805-pc9v9avhnp 1

05/08/2024, 11:59

240805-n5xwqaygna 3

Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    05/08/2024, 11:59

General

  • Target

    baram-main/PyFoam/Applications/BinarySize.py

  • Size

    8KB

  • MD5

    c97def296ac0207a09c1e64c67e07f6e

  • SHA1

    057b8c0b55f81f3a1fba848f022a55eb57dcca81

  • SHA256

    4605b9753320f31256376f0ab84eb42db7c8302b10a88812ab5e22ff100de2e6

  • SHA512

    cbc053d383b3043de8d09f089c4b9af0f7985c662e3dca958fd1939fdfd9e1f6b2f9139cca3a37e6dc6a24e5e19c8c39b6181341adf3ae59dc272853fef43abc

  • SSDEEP

    96:36+blxKlg55jM3UH5PQ366Nc3oPpXb2O3QQv0yyYQwwVDO3WyfRJbcqtekJx:36s4li5jM3UH5PQ39Nc3oPpYS08pJ9e0

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\baram-main\PyFoam\Applications\BinarySize.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\baram-main\PyFoam\Applications\BinarySize.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\baram-main\PyFoam\Applications\BinarySize.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    77cf14c07398b7464a06cef71b308656

    SHA1

    b71b41a4ab36bc1de2a83977f240845b28d54b3c

    SHA256

    0ee384b4f6da5bab1098dcf6a3ef894b189901441cbd9c8db25215ff450be4bd

    SHA512

    503191f557f5650002dea5de2a0192ea10c1105f7313045eb41c3cf921c9dab71eb9b4ecea32b61e4db53c155fa597f309fd428689adb488779b211fe751b44b