Overview

overview

3

Static

static

1

advanced-m...ain.py

windows7-x64

3

advanced-m...ain.py

windows10-2004-x64

3

advanced-m...ler.py

windows7-x64

3

advanced-m...ler.py

windows10-2004-x64

3

advanced-m...ber.py

windows7-x64

3

advanced-m...ber.py

windows10-2004-x64

3

advanced-m...mer.py

windows7-x64

3

advanced-m...mer.py

windows10-2004-x64

3

advanced-m...kup.py

windows7-x64

3

advanced-m...kup.py

windows10-2004-x64

3

advanced-m...nfo.py

windows7-x64

3

advanced-m...nfo.py

windows10-2004-x64

3

advanced-m...aid.py

windows7-x64

3

advanced-m...aid.py

windows10-2004-x64

3

advanced-m...nfo.py

windows7-x64

3

advanced-m...nfo.py

windows10-2004-x64

3

advanced-m...mer.py

windows7-x64

3

advanced-m...mer.py

windows10-2004-x64

3

advanced-m...12.pyc

windows7-x64

3

advanced-m...12.pyc

windows10-2004-x64

3

advanced-m...12.pyc

windows7-x64

3

advanced-m...12.pyc

windows10-2004-x64

3

advanced-m...kup.py

windows7-x64

3

advanced-m...kup.py

windows10-2004-x64

3

advanced-m...sdm.py

windows7-x64

3

advanced-m...sdm.py

windows10-2004-x64

3

advanced-m...ger.py

windows7-x64

3

advanced-m...ger.py

windows10-2004-x64

3

advanced-m...up.bat

windows7-x64

1

advanced-m...up.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-08-2024 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    advanced-multitools/plugins/Tokenraid.py

  • Size

    6KB

  • MD5

    8c108b06be65e6a1ce5a78abbd85064c

  • SHA1

    58869e922c0695fd58d68796929c19e473b85cf7

  • SHA256

    6ff2b9b1c179f9f25c4ec4985768fbafe047b034a1997fb57a7f2aa9c07c439e

  • SHA512

    b38b7f21837b9c2bd2c4707b6e9f931c6c3d6bf526d73e77a31e1a3b0156447f53b4eabf67fac92f03011785a904f2071522b3aab9ed92125c80e283b4c763b9

  • SSDEEP

    192:fce5Uv5IjghWCkzMavnyQ764QCG8HDh4xmXw:fGijxMavnJW4rBaAA

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\Tokenraid.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\Tokenraid.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\advanced-multitools\plugins\Tokenraid.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    2cb9e60220605966f7b5a245fa674405

    SHA1

    a7c4f4c0da1be989c0657b6b330f5eb3067e9169

    SHA256

    b70b02a8777be41f96cb8bea5e7b243ac47461b47b94ad9a6705a356b1083ed0

    SHA512

    8e6560c2982dd83662a9678459fe9d883d16e34639b0889ae0f858aec1a2aea04d9cf594c36ccd5bec8605d6594b52d099019a4461b10541b9379c2f06358a97

    Download Submit