Overview

overview

10

Static

static

3

NNLoader.exe

windows7-x64

7

NNLoader.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stub.pyc

  • Size

    799KB

  • MD5

    1883070249e753167dc78153e2326a4c

  • SHA1

    73c3d759425f21638e9eeaea0972604fe180f77b

  • SHA256

    57ed0a05eaca9932d88e48cad88eba55c103cad705f61fa9052b1d9573328d19

  • SHA512

    f08cd69fd8cc37bdeb3e579c9c6df7dd45fdafa574a7fc74411ef11cbaad06f588dc06b5045da2bfc94244a765fc05cb482a7ab42f5248200ae9ae7690c80cdc

  • SSDEEP

    24576:4DWVygd6NVH/xPY83LYVqnDmi43hOdXgKt:4JgmUqDFX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 12 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
    1⤵
    • Modifies registry class
    PID:3320
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Stub.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads