Analysis
-
max time kernel
430s -
max time network
431s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
20-12-2024 17:16
General
-
Target
Stub.pyc
-
Size
799KB
-
MD5
4f491a348a821e6aeea2165fed088e61
-
SHA1
9e8f56cf3051d048831863a1062d873f3bdede9f
-
SHA256
a7f0638c056fb677753fefb44ea07b53a6c861593e330cde31e133fc2f23ef9c
-
SHA512
51a17367b09a2592bf2996cb29b8416b6e7363bdaf36934b9835a7b3ced58525c6a3773c7fcc43cd82702f7357d66543666f09d31e7318f8daa427ba9e98f7bd
-
SSDEEP
24576:bgTQUCoDiyPd2403duykvNHzLibie6xVJLUFb:bgTPC8KyNLiWekE
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Stub.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Stub.pyc2⤵
- Opens file in notepad (likely ransom note)
-