Analysis
-
max time kernel
117s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15/09/2024, 16:55
General
-
Target
epigrass-2.0/Epigrass/Ui_cpanel4new.py
-
Size
32KB
-
MD5
ea6c86046917490dd4a0c4e804058340
-
SHA1
be4b439e3ce91bc1b7ce2a15c1da217ae1b76d42
-
SHA256
87029811774cee500c6a7705c9e55159509aa4002d2a9b021cdf19ed775fb80b
-
SHA512
973fa18893cb901655f435dee62919cad1eb5d73155305362854c9b60ea8d4e75b72b729bc92271e897fa2d87f020a5edfc8737621e2837019962a5778a5ec1d
-
SSDEEP
384:NAc+G72lN/24kCTY4dAjZs393wG3PqFZf3QvDDPRkfQqJfQ9bLIhVD3Cex3Zmm:NArs4dIQqxDIm
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\epigrass-2.0\Epigrass\Ui_cpanel4new.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\epigrass-2.0\Epigrass\Ui_cpanel4new.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\epigrass-2.0\Epigrass\Ui_cpanel4new.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD572ee2838f5db8180cf06a51c5e7ca7fb
SHA1092c39759460f12e7eae5c06262ce52df285f2df
SHA2561abe2383ad864542344cb1a103544699cbc8a722296c86991204cc58fd2bd9c4
SHA5125dec2544a6b67244288285a86614091a864a22f5f8c33e824c13ee275792eadb21da12d347fefa80491e26ef80716760017fff73a592f7225b13bd3040f5b0c8