Analysis

  • max time kernel: 445s
  • max time network: 446s
  • platform: windows11-21h2_x64
  • resource: win11-20250410-en
  • resource tags: arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 16/04/2025, 16:21

General

  • Target: source_prepared.pyc
  • Size: 167KB
  • MD5: 168068684c5bd4211f882feec4adf1b7
  • SHA1: 93f9612dd760179e9525043d87d3340fb548f3ab
  • SHA256: 16dfc20383f12b0ed18d177d67c6e69e605b46040fc7a1c4bf67f0d39cddda8b
  • SHA512: 966a13f5d2d9c252f633e59aa7e966e923ed71dbf36bdaff181817bd5d14f4fa49b3b0f1ea4e283502cc8eec8999650f19f5c25fbc0bea5b3e4e1915923ac86f
  • SSDEEP: 3072:AezH0naOO/wqSlDRkoCPZTerfSc6AaZIvdXzm2sTxf:CnaOO/wqS3koJaPAaQsF

Score: 3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe (PID 3484)
    cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 4980)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v16
