Overview

overview

10

Static

static

10

sim.py

windows7-x64

3

sim.py

windows10-2004-x64

3

Analysis

  • max time kernel
    103s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sim.py

  • Size

    21KB

  • MD5

    d8cf28482909e4e47311073574b882d0

  • SHA1

    8da792a7f2ed7419f2636e04e8e010820e5909f7

  • SHA256

    e41ba3b4be2125ee53c53ae76dbdfb5e11938b241e0f2fe25b2d958cb835d80c

  • SHA512

    74f7243d0643f00a961ca680a135ee90ed87479a6db72d788bce42d069c3e5c5a7bb289521e09d13f0b805b23a86f71431eb5a3f8d511ec8c10a83130773ac4f

  • SSDEEP

    384:XRyxbcWV2PQ6H3QnJ1LSEW4/k7CxftVf7K61h7yuL:AxbcWV2PQ6HAntJXKq95L

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sim.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\sim.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sim.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    75b015c7bb7f80567a8f38a3259c4a43

    SHA1

    1000113b21dc954f297eaa9436eb60362a4dc985

    SHA256

    ac53217337190fefb1b9d627294f1c3b76bba4dd977471b898b526597a1d3a78

    SHA512

    31995299066b738bbf5e51bb188de30fd4778d4b818baf41bb1af4d9b6d8d694ade292ad4d4479fad4d0dd3138207df272e96260b898372badafed1a978576ab

    Download Submit