Resubmissions

19-10-2024 05:09

241019-ftdppsyfre 10

19-10-2024 03:13

241019-dqzfwstepa 10

19-10-2024 03:08

241019-dnezgawbmk 10

19-10-2024 03:03

241019-dj3vqstbqe 10

Analysis

  • max time kernel
    1693s
  • max time network
    1491s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    19-10-2024 03:03

General

  • Target

    misc.pyc

  • Size

    4KB

  • MD5

    3eb4ff2a9be2d13ecb7343cf82865294

  • SHA1

    6f9d52b590a15de10dd4589ced7320734371b844

  • SHA256

    5697249c80354c3adbbb6ae7f2068bd5e0ab44ce08def7b1ef168508fb1fb2c4

  • SHA512

    776bc0e43593579b7a82bdf0ed77ba89803111b5651cf222c82a7245cd9a297560e3400dc9fcefbed56a91cde4f786f2d745e931102c4ac8750044f2f5072f63

  • SSDEEP

    96:XSMlhlvSzMPDweHPF8+VB7sHIZGQSWfvmyyZ1k9zBub:iolvSzM0evq+VBXZGQlvmV1k5Bub

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc
    • Modifies registry class
    PID:4436
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2388

Network

  • 150.171.27.10:443  tse1.mm.bing.net  tls  1.6kB  7.3kB  17  15
  • 150.171.27.10:443  tse1.mm.bing.net  tls  1.6kB  7.3kB  17  15
  • 150.171.27.10:443  tse1.mm.bing.net  tls  172.4kB  5.0MB  3647  3642
  • 150.171.27.10:443  tse1.mm.bing.net  tls  1.6kB  7.3kB  17  15
  • 150.171.27.10:443  tse1.mm.bing.net  tls  1.6kB  7.3kB  17  15

MITRE ATT&CK Enterprise v15
