Overview

overview

10

Static

static

10

source_prepared.pyc

windows10-2004-x64

3

misc.pyc

windows10-2004-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

02-11-2024 14:06

241102-retcdswkax 10

Analysis

  • max time kernel
    1371s
  • max time network
    1159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    source_prepared.pyc

  • Size

    173KB

  • MD5

    48357c1da65e8bbc2b4faef6c59cdd2a

  • SHA1

    4d2e58801c74acdb80aaa37ca532d409575399a0

  • SHA256

    659e2bd2f5e5d6e628caac279fd0d043283f8cd3f74042f069dcf6c4b0cc50d8

  • SHA512

    131f4a8f09463471b50ecf0c30a1e9a328a6945c33c175e21a6f3767dbb87b8a14391c21ffbe6a1b52ab656165beac22ffe3e23bb3751f0835cf562e52d797a4

  • SSDEEP

    3072:XFfLhk0aOO22A1VSUkosPZTJ0pZyScWaQV+AcwIvdXzFsTWu:X7k0aOO22ApkoHpL9EA+sD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    1⤵
    • Modifies registry class
    PID:4944
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads