Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
03-12-2024 10:29
Behavioral task
behavioral1
Sample
danger-multi-tool-main/src/main.py
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
danger-multi-tool-main/src/main.py
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
danger-multi-tool-main/src/utils/__pycache__/cpython-311.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
danger-multi-tool-main/src/utils/__pycache__/cpython-311.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
danger-multi-tool-main/start.bat
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
danger-multi-tool-main/start.bat
Resource
win10v2004-20241007-en
General
-
Target
danger-multi-tool-main/src/main.py
-
Size
13KB
-
MD5
c48f27c10efb969ac31147a787860fb9
-
SHA1
611c119923825407e300cc86ec258669b0224ebd
-
SHA256
984c5a8704a16386a31fb31f903da7c24a7b67c224906be88039ea15ead84286
-
SHA512
fd23d04786f93d5e2440912b71d83df15b100e2bd286e68e32cfb7ce23eb9f346c531fe822fc953c1eccbaf6395b63acc7697851ebc608834e5852a15056141c
-
SSDEEP
384:MG87mbbEB8IXCa7bujRs8pWS+QinACIBadXGxuapdBeYyil4TKl17+Ryf3urqpMG:MG+mba8IXCa7bujRs8pWS+QinACIBad+
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4692 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\danger-multi-tool-main\src\main.py1⤵
- Modifies registry class
PID:3116
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4692