Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/08/2024, 19:22

General

  • Target

    source_prepared.pyc

  • Size

    180KB

  • MD5

    0ed4aed496f1c345e6a8c0ab3f20c287

  • SHA1

    404c6516831fdcb94e55bb0febebd2d77d3f1533

  • SHA256

    a79ec266054d6021d4525cd537e44567ab4aef70a35cab6eb292d24bf1ed92c5

  • SHA512

    69ddf35cb6b328c87762c41eb78e901385bb79bba45cbce84770235d22d515ace01812e20f6d15d58ab9bec0d2a13de6262d8ef350345b6b35a100703d5bac63

  • SSDEEP

    3072:4HvLaFyA9G12Vo8PEtelZN+thZa/TFgzj0SCknW:wWFzJVo88cN+rZa/TFgzjTCr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 4752)
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 1756)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

    Interpretation: cmd /c hands the .pyc to the shell, and OpenWith.exe -Embedding is the COM-activated "How do you want to open this file?" dialog that the shell raises when no handler is registered for the extension. No Python interpreter is associated with .pyc on this image, so the compiled bytecode was never executed; both signatures above come from cmd.exe and the dialog, not from the sample. A .pyc can only be run by the CPython release that produced it (the magic number in its first two bytes identifies that release), so this run says nothing about the sample's behaviour and the 3/10 score should not be read as benign. Static triage of the file is the next step.
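The static triage that this sandbox run could not perform, as an added example that is not part of the original report: it decodes the .pyc header (magic number, PEP 552 flags, timestamp or source hash) to identify the CPython release the sample needs, and only unmarshals the code object to pull names and string constants when the running interpreter matches that release. The magic-number bands, the constructed `SAMPLE_SOURCE`, `FOREIGN_HEADER` and the helper names are assumptions of this example; the sample source stands in for `source_prepared.pyc` and is not the submitted file.

```python
"""Static triage of a CPython .pyc: read the header, identify the interpreter
version, and pull names/strings from the code object without running it."""
import importlib.util
import marshal
import struct
import sys
import time

# Magic-number bands per CPython minor release, condensed from the version
# table in Lib/importlib/_bootstrap_external.py (each release owns a band).
MAGIC_BANDS = [
    (3250, 3319, "3.4"), (3320, 3359, "3.5"), (3360, 3389, "3.6"),
    (3390, 3399, "3.7"), (3400, 3419, "3.8"), (3420, 3429, "3.9"),
    (3430, 3449, "3.10"), (3450, 3499, "3.11"), (3500, 3549, "3.12"),
    (3550, 3599, "3.13"), (3600, 3649, "3.14"),
]

# Constructed stand-in for a sample written by another interpreter:
# magic 0x0d42 = 3394 (CPython 3.7), flags 0, zeroed mtime and size.
FOREIGN_HEADER = bytes([0x42, 0x0D, 0x0D, 0x0A]) + bytes(12)


def parse_pyc_header(data):
    """Decode the .pyc header fields; nothing here executes bytecode."""
    if len(data) < 12 or data[2:4] != b"\r\n":
        raise ValueError("not a .pyc: magic trailer b'\\r\\n' missing")
    magic = struct.unpack("<H", data[:2])[0]
    version = next((v for lo, hi, v in MAGIC_BANDS if lo <= magic <= hi), "unknown")
    info = {"magic": magic, "python": version}
    if magic >= 3390:
        # PEP 552 layout (3.7+): magic, flags, then mtime+size or a source hash
        flags = struct.unpack("<I", data[4:8])[0]
        info["flags"] = flags
        if flags & 1:
            info["source_hash"] = data[8:16].hex()
            info["check_source"] = bool(flags & 2)
        else:
            mtime, size = struct.unpack("<II", data[8:16])
            info["mtime"] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(mtime))
            info["source_size"] = size
        info["body_offset"] = 16
    else:
        # Legacy 12-byte layout: magic, mtime, source size
        mtime, size = struct.unpack("<II", data[4:12])
        info["mtime"] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(mtime))
        info["source_size"] = size
        info["body_offset"] = 12
    return info


def extract_iocs(data, header):
    """Collect co_names and string constants from every nested code object.

    marshal's code-object format is version specific, so refuse to unmarshal
    a body written by a different interpreter instead of guessing."""
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise RuntimeError(
            f"sample needs CPython {header['python']}; running "
            f"{sys.version_info.major}.{sys.version_info.minor}"
        )
    names, strings = set(), set()
    stack = [marshal.loads(data[header["body_offset"]:])]
    while stack:
        code = stack.pop()
        names.update(code.co_names)
        for const in code.co_consts:
            if isinstance(const, str):
                strings.add(const)
            elif hasattr(const, "co_code"):
                stack.append(const)  # nested function/class body
    return {"names": sorted(names), "strings": sorted(strings)}


# Constructed, benign stand-in for source_prepared.pyc (not the real sample).
SAMPLE_SOURCE = (
    "import os, urllib.request\n"
    "URL = 'http://127.0.0.1:8000/beacon'\n"
    "def run():\n"
    "    return urllib.request.urlopen(URL).read()\n"
)


def build_sample_pyc(source=SAMPLE_SOURCE):
    """Compile the constructed source with the running interpreter and wrap it
    in a timestamp-based (flags=0) header, as py_compile does on 3.7+."""
    code = compile(source, "source_prepared.py", "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 1700000000, len(source))
    return header + marshal.dumps(code)


if __name__ == "__main__":
    blob = build_sample_pyc()
    hdr = parse_pyc_header(blob)
    print(hdr)
    print(extract_iocs(blob, hdr))
    print(parse_pyc_header(FOREIGN_HEADER))
```

Run the header parser first on any real sample; if the reported release differs from the interpreter you have, install that exact CPython version (or use it in an isolated VM) before calling `extract_iocs`, since a mismatched `marshal.loads` either fails or silently misreads the code object. Names and strings recovered this way (imports, URLs, registry paths, API names) are what to feed into a second, properly instrumented detonation.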

Network

MITRE ATT&CK Enterprise v15
