Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
09/08/2024, 19:51
General
-
Target
advanced-multitools/plugins/massdm.py
-
Size
4KB
-
MD5
355a85e0fe2efdc9d6e1e68a332590bc
-
SHA1
0df3b1db9be77abf34c68b0fec301f127d6d914d
-
SHA256
7548d7deaead134f228ebe85caf406cea952abd67df868f82597db4a7d912d75
-
SHA512
cbc014589634fd676af7db9d98e1fef72e1c8ead8d98f09c079c3863b5040ead50347e5cf8a9f5dc16f08de716109a24380b65ca47e1b3d7acf41d90f8f75d9d
-
SSDEEP
48:35GjHa45imokED6dDpJm2qZ0gxpqep4Y1EWa4qugDGLKNTKpUl:JGjHaGz22Lgxpqep4YHa4qu2WampUl
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\massdm.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\massdm.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\massdm.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD59a2725714ea160d435a9fe7e8059b0f9
SHA14241026dd69a9022e61abd0a1a0161b2822b9806
SHA2567492ded0cc6c09643489c1b16ba9322fdd2459e15bbcb4fe3cde374b0ba3c85d
SHA512ea58dcaf96357df28ba2cc5ab13c4c8eb4a9b6139f3c351fcabf968030930120ad24fe0d2e3d245d313727c5627069c62ea6b2a7f327e9381ad0c7de2ba46758