Resubmissions

12-11-2024 03:23

241112-dxl45sxjbk 10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 03:23

General

  • Target

    Source Code.py

  • Size

    6KB

  • MD5

    b8aa439871282435fe23e9fc8b982dc6

  • SHA1

    3cd1425a62afbd2aa49fc528f4d9fac3d0cae728

  • SHA256

    41cb1957be003b597652b9f97ae324366bea9992c2a4ffb88c4346999d54b7df

  • SHA512

    ee78ddf1797f4338eb3269b56fa68270efe7a4cc80a234706eef4bc73b14376864513371dd3116f893fc6ac6a8e86c31b0434edd6ca89ba63a75174b5d6a0a55

  • SSDEEP

    96:Xw1Tw/hL8s/cjbID/HWas5mNPKJ0GPafXcvwtozyJXgv3+YGMyFmnlsP:Aw/hL8s/cjO/H0mNPw8Xcvkoo4uBwlk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Source Code.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Source Code.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Source Code.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    5aab78537be63911769b7ca5d29492b2

    SHA1

    45f47b2d6b1640a4dbc52e97571b7fe4f3b1f702

    SHA256

    e8dd5dac39814b3d824e3d5f72e7937fcff4e2c0c36c1435c852e402d0867843

    SHA512

    885ac2f12cfd15517d3b5f4e5ddf8d03a9fa846aeea8f9fc83006c8a5b2685861462ed36929bc959f87b046ca29827ac42e2691cb8c4d48f78660848c6cd42d5