96a240392116354dcdd8c438f81e45be045a5d28c12c9b3713586866feff3580

Resubmissions

23/02/2025, 19:51

250223-yktcxawlap 10

23/02/2025, 19:48

250223-yjllnswkhj 10

Analysis

max time kernel
7s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2025, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.pyc
Size

7KB
MD5

489212982cbd743631baa40421deaddf
SHA1

c50adb17137ffd5332d7a4e1e4c921f4060851d5
SHA256

76fb43ce5d2cc6432a8c073e8e2dc9c6d17e31986139729b8481f32466194010
SHA512

befb6e70de9c416a698c9de763e0774ce5b5d93c1961ba49bb86e1f4644e44f09ead3bcc9bf6c6255ffb6d71c919365595444c260287a2e37f38d97ff5ce118e
SSDEEP

192:wwb2kbMD8kyNWdXwFeWY/6ydE48+vJhwMMdwsFLnw:xqkbS2WuFQikhR2MPsw

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1100	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
1⤵
- Modifies registry class
PID:4852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...