Analysis

  • max time kernel: 63s
  • max time network: 65s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 09-08-2024 11:29

General

  • Target: .run.py
  • Size: 30KB
  • MD5: f49b29c904241bec959e8ce3e8f3bfc8
  • SHA1: 0a116261ba6e03236779f38920f0f1e56d1f493e
  • SHA256: 89242a06d7341a28ad032fb191aa04e8f98321ffcf89174d899c45537a9ab731
  • SHA512: f8c7cb17d1fcf6241f31f0bf629c6e16bcc4ccc348e55f49be5026a741f32950a2f6f1b853ab426847777c34dedd6646a32565f13e5bfa70c5bb3db6593958d8
  • SSDEEP: 384:I5PS0RA6il069EJpP9Gzp0RA6ilbRHCpNhon+Q4h1udipuHxEflxxC4AnJ6ZeGUb:IxT169spP9eQcRKw

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 5020)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\.run.py
    Signatures: Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 2056)
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15
