Analysis
-
max time kernel
1563s -
max time network
1564s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
23-11-2024 06:46
General
-
Target
Project Buu/Project Buu.py
-
Size
8KB
-
MD5
462eb1972b1711ce306e84c6b287141c
-
SHA1
d6f0ca3723a23e474e659c46a5a8a237dbc0af38
-
SHA256
afb4eebadb9704280e1088a8c815787c983f77e95e8998f4c0cd1bb5db05d053
-
SHA512
c341137d941bd59eb9b17a0d0bd198cd0cfa42bdaaf9d8a8a494b708131834df877bcfdb2c82dc1c29a741ae603976b93dd9b03d3ffb0c679367d639a96a489a
-
SSDEEP
96:r0xZ/z+1/CaBA+wFrmOdI/t2zYMczdoS6QS0UDZDUmEwID/Anr5weOkKixpiWWjb:/BSnW1JdBOJhPE//AOeOHiTu8Bv4
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Project Buu\Project Buu.py"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Buu\Project Buu.py2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-