Overview

overview

10

Static

static

10

IDA/python...nts.py

windows7-x64

3

IDA/python...nts.py

windows10-2004-x64

3

IDA/python...ged.py

windows7-x64

3

IDA/python...ged.py

windows10-2004-x64

3

IDA/python...ges.py

windows7-x64

3

IDA/python...ges.py

windows10-2004-x64

3

IDA/python...out.py

windows7-x64

3

IDA/python...out.py

windows10-2004-x64

3

IDA/python...ble.py

windows7-x64

3

IDA/python...ble.py

windows10-2004-x64

3

IDA/python...x.html

windows7-x64

3

IDA/python...x.html

windows10-2004-x64

3

IDA/python...dex.js

windows7-x64

3

IDA/python...dex.js

windows10-2004-x64

3

IDA/python...and.py

windows7-x64

3

IDA/python...and.py

windows10-2004-x64

3

IDA/python...aph.py

windows7-x64

3

IDA/python...aph.py

windows10-2004-x64

3

IDA/python...bar.py

windows7-x64

3

IDA/python...bar.py

windows10-2004-x64

3

IDA/python...ets.py

windows7-x64

3

IDA/python...ets.py

windows10-2004-x64

3

IDA/python...ing.py

windows7-x64

3

IDA/python...ing.py

windows10-2004-x64

3

IDA/python...ing.py

windows7-x64

3

IDA/python...ing.py

windows10-2004-x64

3

IDA/python...nts.py

windows7-x64

3

IDA/python...nts.py

windows10-2004-x64

3

IDA/python...ump.py

windows7-x64

3

IDA/python...ump.py

windows10-2004-x64

3

IDA/python...orm.py

windows7-x64

3

IDA/python...orm.py

windows10-2004-x64

3

Analysis

  • max time kernel
    1563s
  • max time network
    1576s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2024 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDA/python/examples/pyqt/paint_over_graph.py

  • Size

    5KB

  • MD5

    53aaba9145878eac2a33b42da64ac193

  • SHA1

    e0845fc0a2029d93cfd6512845a936bdd204479d

  • SHA256

    9a33494a043958113911989ecf613746ec7076c0ccaf923566e218bcff690517

  • SHA512

    f8eb7b7c576ee42baa568ea0204a3e3b845d650792bbe7512d63e1334634d70651bdf1ba103210f435852b0bc2beb6fd4813153c8e848021e1515a101ad6cad7

  • SSDEEP

    96:tRig3nuTtPMocEWocM56N/+FgeHuKyER+/gMBCEcan:niguTteEWocb/vW8/gaCEcs

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\IDA\python\examples\pyqt\paint_over_graph.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\IDA\python\examples\pyqt\paint_over_graph.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\IDA\python\examples\pyqt\paint_over_graph.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    ebde129adbbf2d63cb1d3b5f22c1bb1b

    SHA1

    b6f511f9342f984203a469bf9fff37b54daed7d8

    SHA256

    1f68a272185873e4cb9bd0b8ffdaa715cf2724865bd2a9ce712a45ed118ee71c

    SHA512

    caf0405fc1d6482163bb9cdecc1e29e65c26dfb2443654b907638ae22c034ba317a7e2e905d72cbda3dcf6e1823fb951c4d1669420aedc755d29305e380ae15a

    Download Submit