Overview

overview

3

Static

static

3

I AM LEGIT...AR.rar

windows7-x64

1

I AM LEGIT...AR.rar

windows10-2004-x64

1

Aimlock.exe

windows7-x64

1

Aimlock.exe

windows10-2004-x64

1

Triggerbot.exe

windows7-x64

1

Triggerbot.exe

windows10-2004-x64

1

bahKV5.py

windows7-x64

3

bahKV5.py

windows10-2004-x64

3

settings.json

windows7-x64

3

settings.json

windows10-2004-x64

3

testing/I ...AR.rar

windows7-x64

1

testing/I ...AR.rar

windows10-2004-x64

1

bahKV5 - Copy.py

windows7-x64

3

bahKV5 - Copy.py

windows10-2004-x64

3

bahKV5.exe

windows7-x64

1

bahKV5.exe

windows10-2004-x64

1

bahKV5.py

windows7-x64

3

bahKV5.py

windows10-2004-x64

3

settings.json

windows7-x64

3

settings.json

windows10-2004-x64

3

testing/ba...opy.py

windows7-x64

3

testing/ba...opy.py

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    testing/bahKV5 - Copy.py

  • Size

    5KB

  • MD5

    6590251f2fe64b8a7720067befdf12e0

  • SHA1

    e806c4daaab5194db4aee47938bcd040906800a0

  • SHA256

    a7c710381653e9de8d7167362e33929d8e83176e7abd69743d475ccbfa5ee08c

  • SHA512

    749a4d1e53a1aa19fdf007a561c6eb03480b4eb11c4e83720ffa2f45cd2cd2b80c8597dc5b8227ba309cbe76dc8e4253003bda7875ae0b332308180793cf01ff

  • SSDEEP

    96:P68XQ2GZyOZbNxhIi8EUrUM0/AZH8Fy7daWlCPpa89FRwkmyN6/ODiRf:CAT30YZH84hCRaOwyNAf

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\testing\bahKV5 - Copy.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\testing\bahKV5 - Copy.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\testing\bahKV5 - Copy.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    1c5110297168b2078f270028a5fd7cb8

    SHA1

    f4d8415881c7e7c1d7a3ee7a166acfd3187e21c1

    SHA256

    c5b89666349fd547735349018a0341df59600fd43562081bc3c1f596b87ca174

    SHA512

    94072a2edb9f5237db0ed2826da88f470d98df298124ef2649e1b8c4cef06d255db576e6922f37f57e04973d9cc44ddd58fd0573daa3c032080ce23ed8c03086

    Download Submit