Analysis

  • max time kernel
    117s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2024, 15:44

General

  • Target

    thelewdesthouse-pc/lib/python3.9/chardet/__init__.pyc

  • Size

    846B

  • MD5

    f2c5a0e58c1cf8343d3882d170aa7d17

  • SHA1

    75531598e37144114516817b27281726cd399117

  • SHA256

    9227bcdadc20c87a19bacd53be9947a1f70dd6a3d302ae58d2bcafaf658edd3b

  • SHA512

    b9225b50e1dbd189ba002524e382af6f36a335aed50f82392ce986349614dc9fe9aa0a5c877379946a4a874e2cbd72d4952dc181019e65b24bb6bef22c90fe77

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\thelewdesthouse-pc\lib\python3.9\chardet\__init__.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\thelewdesthouse-pc\lib\python3.9\chardet\__init__.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\thelewdesthouse-pc\lib\python3.9\chardet\__init__.pyc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    50b784b49c8b0fa13b5e77c6e177ccfe

    SHA1

    e472615893138a40bb89f796524899ae678ba325

    SHA256

    4c734b3d2986eed0a4a20036756e7e0d5c4034dd8e8ca48e1ff7f5393297a4a7

    SHA512

    34da43218b9eed1523f4fac9068ff56e791d8f56f508cd9c8a84ad862993708d7d45f8d54a9548906c56189ec23fed2a167e6b485323068b42869872e18fab42