Analysis
-
max time kernel
0s -
max time network
0s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
16-10-2024 11:14
Static task
static1
collection credential_access defense_evasion discovery execution persistence privilege_escalaiton spyware stealer upxblankgrabber
2 signatures
Behavioral task
behavioral1
Sample
xniggerskid.pyc
Resource
win7-20240903-en
3 signatures
1 seconds
Behavioral task
behavioral2
Sample
xniggerskid.pyc
Resource
win10v2004-20241007-en
2 signatures
1 seconds
General
-
Target
xniggerskid.pyc
-
Size
261B
-
MD5
a33d81f38d6b6b28ea43b94d8bf41727
-
SHA1
eabfd24e588d606ccc762111b03bb4a35086dfe5
-
SHA256
5cddcbe7471dbf7ade394602bb4c64829cf9e7f237d3fa6968e94a99c67a05e3
-
SHA512
880642685573952e91f674e49384b301b5e1cf3c3fd1aacd6bbb1881611d2d4eeaf6c35bf0930411fb1f3ce3603ad317b734aaa25e1390e88934c92b6b2c0f4a
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_Classes\Local Settings rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2128 wrote to memory of 968 2128 cmd.exe 31 PID 2128 wrote to memory of 968 2128 cmd.exe 31 PID 2128 wrote to memory of 968 2128 cmd.exe 31
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc1⤵
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\xniggerskid.pyc2⤵
- Modifies registry class
PID:968
-