Analysis

  • max time kernel
    102s
  • max time network
    140s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250313-it
  • resource tags

    arch:x64 arch:x86 image:win10ltsc2021-20250313-it locale:it-it os:windows10-ltsc_2021-x64 system windows
  • submitted
    28/03/2025, 15:53

General

  • Target

    casacloner/main.py

  • Size

    7KB

  • MD5

    b612a542c83987bf74575c829661eaef

  • SHA1

    47427bc1dcac885077f235916dfd56b05545a9ae

  • SHA256

    f369e9f681260c6fb1fa3bcdc1e527adaa949b07c350ec159737c6755a3fe999

  • SHA512

    d16f3a52ebd94510986e57f41cc3ff917d855f63263fa8cb9a31e20437c1e08f2a5232ba69dd59593c34a4ba43cc6ad28a23319d2783db23dfcde69ef50b8ec0

  • SSDEEP

    96:uaGyUZ9KvrnUHrhPCfEKi52nPSmHLbZR1xu:CyUGvrnULEUDmHLbZrxu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\casacloner\main.py
    • Modifies registry class
    PID:1820
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1264

Network

MITRE ATT&CK Enterprise v15
