Analysis
-
max time kernel
119s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
16-11-2024 01:15
General
-
Target
capesolo-0.4.11/CAPEsolo/capelib/objects.py
-
Size
11KB
-
MD5
e8bb365fd800ac851f96c749bc8ed910
-
SHA1
dfa1b72f17694d9939bcda116cdcc3c09f8c7adc
-
SHA256
93cc23df76e2e5b113ea7fc9c155d6465cf543527881f0dbdb86a5d722bb835c
-
SHA512
3a4e447e3335d7309b7dc4ecdcac24d55d3ce2472dd89bb6cc61562eada708d5eba641085147639ed817deb8708a475276a48ce4bf76b4e27e55b28661327ccf
-
SSDEEP
192:9Ke3F1H64hqjStV5Xai3bD5c+uqDF7pAxsNBAqPMFMR:9Ke3vH64hqOtV5Xai3/6qhpAx9qPss
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\capesolo-0.4.11\CAPEsolo\capelib\objects.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\capesolo-0.4.11\CAPEsolo\capelib\objects.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\capesolo-0.4.11\CAPEsolo\capelib\objects.py"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5f13dada24961f27fb21fd836b3ef5fb0
SHA1cca906859e90e094fe36b5fb3c10228ca7d96883
SHA25669493dfadf672c0ce16cdd49deb61d4fb49bd061a638fd71a1642343d29899b6
SHA51284758c6751103e31943c4542e199f2639799756ec254cc89d4f45d0455c54567918b64af005fc54dec69ccf0579539dc07c6fa86ed09b6a34440584c9cc48c83