1f0aefeb08926a4be355ae1ab66994e3296196b44c53468fcc5ebf3ac16af0a9

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stub.pyc
Size

873KB
MD5

ed3be9257cf356147bb4ea0c13027af0
SHA1

7839f02ed1f3145f1f8bae4c180ec477cc91e626
SHA256

179c27f493f671fe4ed7e7fd226a93db507bef7a125e9e2a6386b4c196f13dd0
SHA512

13be7ba642a4cf99badea150b358c8535df5118529152e04704c6b2ae36b63c484c4996567c175ae24f68b71bc450ad2ebc2c5c70f05babfdee8f377d1f4d881
SSDEEP

12288:5HXdGYsKWcRVZUFzT2Ozx6wHnnBu+oZEutxjlia5ErBGfSybtUKEVsHOKwaAc7va:tsYsanczyIBsEgUXeS6KxkVAI8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5368	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc
1⤵
- Modifies registry class
PID:4756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads