Analysis
- max time kernel: 0s
- max time network: 1s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 30-06-2024 22:02
Behavioral task: behavioral1
- Sample: main.pyc
- Resource: win7-20240508-en (windows7-x64)
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: main.pyc
- Resource: win10v2004-20240611-en (windows10-2004-x64)
- 16 signatures
- 150 seconds
General
- Target: main.pyc
- Size: 5KB
- MD5: 31c28bfdc2473537e817198ea7cc061b
- SHA1: 31ead0af32b568c37840ba35103fcf902d829976
- SHA256: 27b8c6a5b42e34451e7373cf41ff3088db12b8e420a7ce45e80d57ebc912481d
- SHA512: bebea38cfee1a5309a8820dc9aa22165c45ac09a4711044ce935071ebb7df1dead39f330c8ca9c3fecca3a89e119416b11e4023941c4152952068b21c0ffb6a2
- SSDEEP: 96:Tpzx87ZzTVAt/rZx3kNbOCPxYTHBArypCiU/UOCxE9/y:w051uQ+AvpA/iE0
- Score: 3/10
Malware Config
(none extracted)

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  Processes: rundll32.exe
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings
  process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description: PID 2436 wrote to memory of 2924 | pid: 2436 | process: cmd.exe | target process: rundll32.exe
  description: PID 2436 wrote to memory of 2924 | pid: 2436 | process: cmd.exe | target process: rundll32.exe
  description: PID 2436 wrote to memory of 2924 | pid: 2436 | process: cmd.exe | target process: rundll32.exe
Processes
1. C:\Windows\system32\cmd.exe
   command line: cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
   - Suspicious use of WriteProcessMemory
2. C:\Windows\system32\rundll32.exe (child of 1)
   command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\main.pyc
   - Modifies registry class