Analysis

  • max time kernel
    434s
  • max time network
    448s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    05-11-2024 15:50

General

  • Target

    Discord-QR-Grabber-Bot-main/venv/lib/python3.8/site-packages/poetry/console/commands/__pycache__/init.cpython-38.pyc

  • Size

    11KB

  • MD5

    bae7877d75e3501ccae11335162ae9dc

  • SHA1

    60bf6ece69bda4321eed94878fa888c590046d2e

  • SHA256

    2864f77e46515b84ac2d46bab6f1d709f8906810dee731d9b45b42f11f91c969

  • SHA512

    db8f90028194e4a91d7b0a8632e7c2b217d7e65072ecfb4893982aba78e1c7133c04aa336b9c8404c96924916ae2f015456c0b067962901714cb7cef60952e45

  • SSDEEP

    192:QjIMxj0BM/+oVYln0YruaIsNwPK2uParwhME4i8ZkwRg2HNXD:QjIMxj0BM2oVE0/a3NwPK2ufIfg2dD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-QR-Grabber-Bot-main\venv\lib\python3.8\site-packages\poetry\console\commands\__pycache__\init.cpython-38.pyc
    1⤵
    • Modifies registry class
    PID:5104
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4160

Network

MITRE ATT&CK Enterprise v15
