Overview

overview

10

Static

static

6

CyberDEV C...nd.pyc

windows7-x64

3

CyberDEV C...nd.pyc

windows10-2004-x64

3

CyberDEV C...er.pyc

windows7-x64

3

CyberDEV C...er.pyc

windows10-2004-x64

3

CyberDEV C...or.pyc

windows7-x64

3

CyberDEV C...or.pyc

windows10-2004-x64

3

CyberDEV C...nts.js

windows7-x64

3

CyberDEV C...nts.js

windows10-2004-x64

3

CyberDEV C...ute.js

windows7-x64

3

CyberDEV C...ute.js

windows10-2004-x64

3

CyberDEV C...yed.js

windows7-x64

3

CyberDEV C...yed.js

windows10-2004-x64

10

CyberDEV C...le.pyc

windows7-x64

3

CyberDEV C...le.pyc

windows10-2004-x64

3

CyberDEV C...on.pyc

windows7-x64

3

CyberDEV C...on.pyc

windows10-2004-x64

3

CyberDEV C...ey.pyc

windows7-x64

3

CyberDEV C...ey.pyc

windows10-2004-x64

3

CyberDEV C...ot.pyc

windows7-x64

3

CyberDEV C...ot.pyc

windows10-2004-x64

3

CyberDEV C...to.pyc

windows7-x64

3

CyberDEV C...to.pyc

windows10-2004-x64

3

CyberDEV C...ls.pyc

windows7-x64

3

CyberDEV C...ls.pyc

windows10-2004-x64

3

CyberDEV C...ver.js

windows7-x64

3

CyberDEV C...ver.js

windows10-2004-x64

3

CyberDEV C...nt.pyc

windows7-x64

3

CyberDEV C...nt.pyc

windows10-2004-x64

3

CyberDEV C...on.pyc

windows7-x64

3

CyberDEV C...on.pyc

windows10-2004-x64

3

CyberDEV C...__.pyc

windows7-x64

3

CyberDEV C...__.pyc

windows10-2004-x64

3

Resubmissions

14/08/2024, 05:47

240814-ggy1jsxfkf 10

14/08/2024, 05:40

240814-gc194ssdjn 6

Analysis

  • max time kernel
    1358s
  • max time network
    1148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-ja
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-jalocale:ja-jpos:windows10-2004-x64systemwindows
  • submitted
    14/08/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CyberDEV Client/lib/selenium/webdriver/remote/shadowroot.pyc

  • Size

    3KB

  • MD5

    9a6e43648c698d8e00ea626b2487ce97

  • SHA1

    c292ce9d88fe4e3df2ba14c926b290c1c3ca9918

  • SHA256

    b26741176f75f8eaf2cb0c542b1f4fc8d91feacc94b6ec82148de60108ccb529

  • SHA512

    ef32fc445f3c7c883456f5467ccc683041284d73e9c3a61ea9db9a3358fe58001a0505f309500d23981f0e5a2e87ca3021cf8ee53135443c65bd162ab4006ee3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\CyberDEV Client\lib\selenium\webdriver\remote\shadowroot.pyc"
    1⤵
    • Modifies registry class
    PID:1360
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads