Overview

overview

10

Static

static

10

danger-mul...ain.py

windows7-x64

3

danger-mul...ain.py

windows10-2004-x64

3

danger-mul...11.exe

windows7-x64

7

danger-mul...11.exe

windows10-2004-x64

8

danger-mul...rt.bat

windows7-x64

8

danger-mul...rt.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2024 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    danger-multi-tool-main/src/main.py

  • Size

    13KB

  • MD5

    c48f27c10efb969ac31147a787860fb9

  • SHA1

    611c119923825407e300cc86ec258669b0224ebd

  • SHA256

    984c5a8704a16386a31fb31f903da7c24a7b67c224906be88039ea15ead84286

  • SHA512

    fd23d04786f93d5e2440912b71d83df15b100e2bd286e68e32cfb7ce23eb9f346c531fe822fc953c1eccbaf6395b63acc7697851ebc608834e5852a15056141c

  • SSDEEP

    384:MG87mbbEB8IXCa7bujRs8pWS+QinACIBadXGxuapdBeYyil4TKl17+Ryf3urqpMG:MG+mba8IXCa7bujRs8pWS+QinACIBad+

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\danger-multi-tool-main\src\main.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\danger-multi-tool-main\src\main.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\danger-multi-tool-main\src\main.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    aa3ce1ca1684b519fd32e6232a91e8e8

    SHA1

    741ad33d8a68f3c12239f3d07553a75165b7ebf9

    SHA256

    24cfdecb8b53964094200aa31a1e240bd9b6e1b05fb6dc5528bc5048d573de9d

    SHA512

    ac9dee16cbe97af11271d346bb9e680ac6aae88dee110c7d5d1a7c5c505db174205f9d0d2e9a602716ca1f2110746cc74140ee1b605f0b4dd55b8304a62dc214

    Download Submit