Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cve_2024_6387/exploit.py

  • Size

    1KB

  • MD5

    bdfe770350fccbb55fadf834fa52e4c5

  • SHA1

    985109c80b184d59c19c83faf0bfe593524b8374

  • SHA256

    1314fbdc8aa6153b27be3373b7cf83dbe0ad0d1dce853c466bf8372f2fe21936

  • SHA512

    1ed063d25a295ae20f0182843339107112760fda99d7d1a2c3fef0fc73a411c689965558675f5100329649de7f8a4940e69e2255e2a5b70adb021f9bfe5cb7fa

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cve_2024_6387\exploit.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cve_2024_6387\exploit.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cve_2024_6387\exploit.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    16459574e7568a6fadf09176382a271a

    SHA1

    782b1524e558a316cb72dc2c70f7b9e2c92ad5d9

    SHA256

    37c827419e0564fa311f6bfd5668350b72de7125d7a0ed7fee3fd2645608d133

    SHA512

    a62664708a55b208a46456c74248ffe95ce739462b0fcedf51698b721d6b8a0b53f61408ad0d4347b7fd226b52df459c6dd99dc6b95e3951489580fa291b5ef5

    Download Submit