Resubmissions

02-01-2025 14:41

250102-r2pmqavqf1 10

02-01-2025 14:36

250102-ryvdssyjam 10

Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-01-2025 14:41

General

  • Target
    source_prepared.pyc
  • Size
    166KB
  • MD5
    7972b47d608e1e6c4685cfb669b3f6dc
  • SHA1
    96557c7230fa03c719aa02f54257a25631bf372a
  • SHA256
    c3d5fd78de4904b83d393c9eecf1ed9f6f5015446fb304fc5aaaf39b4a1c6bdb
  • SHA512
    0cc91f8b866814d070f5f8015752f07b8ef701454f8a7764e684f60ad4b7ecde61dacac646032d004384ebd99220f0e94bbc0e9a8ab3be5fdd3ab9fb9b03530d
  • SSDEEP
    3072:llYaOO97elBPLG3CoFPZTWZE5Jz/TBIvdXzTsTWS:nYaOO97eKCo6Glbgsv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe (PID: 4460, tree depth 1)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID: 4680, tree depth 1)
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15
