e8968f974bfe3b721872a7ccdc5c1500d724faeb1ebe282a8653f53ad82d0810

Analysis

max time kernel
1s
max time network
4s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 17:48

Target

xniggerskid.pyc
Size

261B
MD5

4ba8992ac1a860b67dc4cd889cd9dfd6
SHA1

df03e88a9763fa5dc803f31164258db6257f61ba
SHA256

e8968f974bfe3b721872a7ccdc5c1500d724faeb1ebe282a8653f53ad82d0810
SHA512

e174dd2582421506c40633e8af0582be6ef3132d6f92c4a646b2e6f5cf7a08b35f23f44b37818c44f7c1f652d9ae757e0fc6cdb3c25d8cb08b5ee0cbf432f420

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2812	2092	cmd.exe	31
PID 2092 wrote to memory of 2812	2092	cmd.exe	31
PID 2092 wrote to memory of 2812	2092	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc
  2⤵
  PID:2812

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact