Analysis
-
max time kernel
18s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12-10-2024 15:02
General
-
Target
main.pyc
-
Size
7KB
-
MD5
1af89a2b4567a2fe70d0bc9750c840c6
-
SHA1
bcd93a673d00d7f68c89371a3f8f547708d6b0dd
-
SHA256
dcb5ba72546f494d0fc97a1debbcc33b5054136f06802e6d904eb2a2ee65e711
-
SHA512
987fbc5a6acf16c5bb82734cec32529b441ee4a1576ab84d06632e22d7bb8645283bc91ac3cc582eed6394cc22c85cab8a9ee4543052e45b3734f799666fe3b3
-
SSDEEP
192:w4tXHnoOy3D8cnqWdXwAcy0A4hNZJhwLU6Mdw3XfmPnw:9tXokWuDZhF25P3XAw
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\main.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\main.pyc"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f85b8abe773fe1a4f595918028cf952c
SHA11fcf0d2be43fd270d74139c8be2553b7eb29c640
SHA256a725a22309fa940ad2d144afc289af534328d8cbbf6a1024822623b74526533b
SHA5123fe9adcfe322d8291511fcde2b21a360e88c7fb62bde0aaed152b79aeeb93aae3b8ecd933af7b490f29f71dd18d13f20fc0a0bd59c6b80c4f62d94fa2bef9623