Overview

overview

10

Static

static

6

CyberDEV C...nd.pyc

windows7-x64

3

CyberDEV C...nd.pyc

windows10-2004-x64

3

CyberDEV C...er.pyc

windows7-x64

3

CyberDEV C...er.pyc

windows10-2004-x64

3

CyberDEV C...or.pyc

windows7-x64

3

CyberDEV C...or.pyc

windows10-2004-x64

3

CyberDEV C...nts.js

windows7-x64

3

CyberDEV C...nts.js

windows10-2004-x64

3

CyberDEV C...ute.js

windows7-x64

3

CyberDEV C...ute.js

windows10-2004-x64

3

CyberDEV C...yed.js

windows7-x64

3

CyberDEV C...yed.js

windows10-2004-x64

10

CyberDEV C...le.pyc

windows7-x64

3

CyberDEV C...le.pyc

windows10-2004-x64

3

CyberDEV C...on.pyc

windows7-x64

3

CyberDEV C...on.pyc

windows10-2004-x64

3

CyberDEV C...ey.pyc

windows7-x64

3

CyberDEV C...ey.pyc

windows10-2004-x64

3

CyberDEV C...ot.pyc

windows7-x64

3

CyberDEV C...ot.pyc

windows10-2004-x64

3

CyberDEV C...to.pyc

windows7-x64

3

CyberDEV C...to.pyc

windows10-2004-x64

3

CyberDEV C...ls.pyc

windows7-x64

3

CyberDEV C...ls.pyc

windows10-2004-x64

3

CyberDEV C...ver.js

windows7-x64

3

CyberDEV C...ver.js

windows10-2004-x64

3

CyberDEV C...nt.pyc

windows7-x64

3

CyberDEV C...nt.pyc

windows10-2004-x64

3

CyberDEV C...on.pyc

windows7-x64

3

CyberDEV C...on.pyc

windows10-2004-x64

3

CyberDEV C...__.pyc

windows7-x64

3

CyberDEV C...__.pyc

windows10-2004-x64

3

Resubmissions

14/08/2024, 05:47

240814-ggy1jsxfkf 10

14/08/2024, 05:40

240814-gc194ssdjn 6

Analysis

  • max time kernel
    1442s
  • max time network
    1447s
  • platform
    windows7_x64
  • resource
    win7-20240729-ja
  • resource tags

    arch:x64arch:x86image:win7-20240729-jalocale:ja-jpos:windows7-x64systemwindows
  • submitted
    14/08/2024, 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CyberDEV Client/lib/selenium/webdriver/remote/errorhandler.pyc

  • Size

    8KB

  • MD5

    3130d50cd4a4be3b523587cc14fe0ab3

  • SHA1

    f38e9bb41695b2cf43f02308d313202077d43607

  • SHA256

    8baa518d72a1fdd8a61d7c6e28b0b2bd709cc4b4ebc6a0c4f57d8cf75ed2620c

  • SHA512

    96b24a4c85953fb26001bf20418aacbd4e68a3d1721ffd68ba4231801d5d36085a3049ea0601b984ad747e07244731119e3605d7fd0cb2e76006b5c9f44b8a50

  • SSDEEP

    192:gi8qUGzqYl8Z9pm+twGPse57RoXyef2V4WT/zLdSf9yd:d8NG+/xxEf2VNIf9g

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\CyberDEV Client\lib\selenium\webdriver\remote\errorhandler.pyc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CyberDEV Client\lib\selenium\webdriver\remote\errorhandler.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CyberDEV Client\lib\selenium\webdriver\remote\errorhandler.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    01e7e5a1d46f35f8be26ba8104e0531f

    SHA1

    9d124a7528da1c7a20db0b258bc9047dc09af094

    SHA256

    5d906b63680c7d09defa18c27a172ffdf96fe4f084387c851380eeae586a8ecf

    SHA512

    413eccad6fc4cf003ac3cb28bbe50f7ca5404e4ebc9258b299c41f38c5fe419727a4d0bbb2a1d40f55d5ffa8752da95e9aa3b0778ef3d10e80b3cd84167e6291

    Download Submit