Overview

overview

10

Static

static

10

liarsbar/l...dme.js

windows7-x64

3

liarsbar/l...eam.js

windows7-x64

3

liarsbar/l...DME.js

windows7-x64

3

liarsbar/l...ser.js

windows7-x64

3

liarsbar/l...dex.js

windows7-x64

3

liarsbar/l...til.js

windows7-x64

3

liarsbar/l...nts.js

windows7-x64

3

liarsbar/l...get.js

windows7-x64

3

liarsbar/l...ion.js

windows7-x64

3

liarsbar/l...ter.js

windows7-x64

3

liarsbar/l...ate.js

windows7-x64

3

liarsbar/l...ver.js

windows7-x64

3

liarsbar/l...der.js

windows7-x64

3

liarsbar/l...eam.js

windows7-x64

3

liarsbar/l...col.js

windows7-x64

3

liarsbar/l...ion.js

windows7-x64

3

liarsbar/l...ver.js

windows7-x64

3

liarsbar/l...ket.js

windows7-x64

3

liarsbar/l...ar.exe

windows7-x64

7

liarsbar/l...rst.py

windows7-x64

3

liarsbar/l...DME.js

windows7-x64

3

liarsbar/l...dex.js

windows7-x64

3

liarsbar/l...6.html

windows7-x64

3

liarsbar/l...es6.js

windows7-x64

3

liarsbar/l...es6.js

windows7-x64

3

liarsbar/l...b.html

windows7-x64

3

liarsbar/l...lib.js

windows7-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    16/12/2024, 02:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    liarsbar/liarsbar/LBM menu/runfirst.py

  • Size

    17KB

  • MD5

    1108c0f4ef8fe94586896c90345075d5

  • SHA1

    39a1b426a115c91d475df75d13e83e6c72ba6294

  • SHA256

    7790481409657d5e7a22795a30ac5e0390795441aaf5fb078254c2173edf3e07

  • SHA512

    9dd561b1c45aeaf8940f7920fee4bcad8353803a25a4535d6641f4be5570194beccc6ef689fcfdee820340a73c03d8e88b66188ea5cda83cb2e169616ea419bc

  • SSDEEP

    384:GqPkuyDvGSMlWU7ps/zQJRqYfcPU3FCUQvduQGXrrrZZVOi2XeUYn7Rc5KqI:PcuyDOVlWSps/qAYfQU3YYQGXt52XebT

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\runfirst.py"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\runfirst.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\liarsbar\liarsbar\LBM menu\runfirst.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    3f1da45a7b7748d2003cdbf27b533186

    SHA1

    bf260acbeda06ec071cb0bdadb327ab3c7a0f082

    SHA256

    282fc17ae4b8b4bde1d0cff1574d90afe5ff9e674d0bcf9797a19ad92ed3b804

    SHA512

    ce05926086d7ab1e40791b1e9169564c1f7f8876a0135c6c454dedd19ceae0037374c47d27a401aaea9686819cfb3d309c876a159ada633fd566bbd8a2999c27

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.