Overview

overview

10

Static

static

10

Danger-Mul...ain.py

windows7-x64

3

Danger-Mul...ain.py

windows10-2004-x64

3

Danger-Mul...11.exe

windows7-x64

7

Danger-Mul...11.exe

windows10-2004-x64

8

Danger-Mul...px.exe

windows7-x64

10

Danger-Mul...px.exe

windows10-2004-x64

10

Danger-Mul...rt.bat

windows7-x64

10

Danger-Mul...rt.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2024 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Danger-MultiTool-main/src/main.py

  • Size

    13KB

  • MD5

    c48f27c10efb969ac31147a787860fb9

  • SHA1

    611c119923825407e300cc86ec258669b0224ebd

  • SHA256

    984c5a8704a16386a31fb31f903da7c24a7b67c224906be88039ea15ead84286

  • SHA512

    fd23d04786f93d5e2440912b71d83df15b100e2bd286e68e32cfb7ce23eb9f346c531fe822fc953c1eccbaf6395b63acc7697851ebc608834e5852a15056141c

  • SSDEEP

    384:MG87mbbEB8IXCa7bujRs8pWS+QinACIBadXGxuapdBeYyil4TKl17+Ryf3urqpMG:MG+mba8IXCa7bujRs8pWS+QinACIBad+

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Danger-MultiTool-main\src\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Danger-MultiTool-main\src\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Danger-MultiTool-main\src\main.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4a7f293303211ea8a8c0660b6fc67383

    SHA1

    6fee6cd86a4fb6e8c047f7e66f81958f53f878e1

    SHA256

    83e35255e6f6cd9967aeed8946c90df4a9aee1305095f4deb8e68753e881297f

    SHA512

    76a5085aff4ca83b529ba69924b71fb6debf8140d758d8da18406976cba887f2da169607cc4632928c85bad5478920f09a846b14cbee0b9515cc0704dfa6db8a

    Download Submit