Analysis
Max time kernel: 0s
Max time network: 0s
Platform: windows7_x64
Resource: win7-20240708-en
Resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
Submitted: 20-08-2024 22:01
Behavioral task: behavioral1
Sample: source_prepared.pyc
Resource: win7-20240708-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: source_prepared.pyc
Resource: win10v2004-20240802-en
3 signatures
150 seconds
General
Target: source_prepared.pyc
Size: 65KB
MD5: 1dfcaa69d50778d4542ab074f247ae95
SHA1: a46d959e7e1595cd85e4d3d8c395544d2d07285d
SHA256: fc24eb274252a08db90ec017426ef1af2d98196cf1e3a003f0598e7bc473b154
SHA512: 00bb1796a9152e7cfc6a49dd46d7e205247adc4bce01b9d5c1e029b869a4deb85de4d096b5a0777531ccee96cab95e60e4c61a15e40106184c2093e89898c4a3
SSDEEP: 1536:IaigVgJPkBBj1uYCFjUIOihdBsoGwjRQ53:eg2FkBkFwIOCsoD0
Score: 3/10
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoCs)
Processes:
  description   ioc                                                                                 Process
  Key created   \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings   rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      pid   Process   procid_target
  PID 816 wrote to memory of 848   816   cmd.exe   32
  PID 816 wrote to memory of 848   816   cmd.exe   32
  PID 816 wrote to memory of 848   816   cmd.exe   32
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
  Signatures: Suspicious use of WriteProcessMemory
  PID: 816

  C:\Windows\system32\rundll32.exe (child of PID 816)
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    Signatures: Modifies registry class
    PID: 848