Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15-09-2024 17:00
General
-
Target
epigrass-1.5.1/Epigrass/data_io.py
-
Size
6KB
-
MD5
a7181a86ec984c808c1bda9c9ad3a365
-
SHA1
27537598f96d1563451389f36d5e574d8a5c16b2
-
SHA256
f9788549647b1d169bd78848ffae0b1c83fdc7b7f30a10015b86580d89c054b3
-
SHA512
bdca099daae8e60bbb3aa66222af290d86de26a8711257fcb5bc9a68feed1174f12986a71f85929bcb8404956f14f5cbb98ecb4308bc89037706931c41425e1f
-
SSDEEP
192:kqY1+GF48uQ87stAgHHgIgzaoX4R6RtwHb6kDTYVKzMvvG1:G19qEApBRtw7hDiKzp1
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\epigrass-1.5.1\Epigrass\data_io.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\epigrass-1.5.1\Epigrass\data_io.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\epigrass-1.5.1\Epigrass\data_io.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5e6f1e8e4161a08bea8d10dcc40872035
SHA1f06e099343ebe1d6b6b1448dd980eb91d1198127
SHA256dc06fccb96949f196083913f05ed9f871e07d92a18b961404302fdd5ec758fc8
SHA5124ed8c897b086a9fdf65b97824de0b71c6cffb35463d344a77eef62203d99e8ad1c9c84e4e943b9cbe3a36d81c882c82d858ff74768516074c861038873292763