Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
30-06-2024 18:00
General
-
Target
Stealer.pyc
-
Size
71KB
-
MD5
08efeae84deaffbb04080369bee72321
-
SHA1
64b8d052041de22e1027bad19b8d50493e2bb467
-
SHA256
6f97d33c902c8b561de53d8fede0e088ea1bc190fbdca5dbf1b7e42d7c62b5e7
-
SHA512
737e6dd9a3c8319e995fc5f391fee2f67ec665d40244d6fc323e1a22dfb5c2e06d0234b0a742acd5deae3aee1d84685fb92519561d5b7c5c7c859edb809e3f61
-
SSDEEP
768:T2zHKg6S6tRXI4MX6SfeD86FHL1WYG1htXTx8fPMBaS1XCZ0AnjtBnrQL4Yuhtb:T2zH76tRXIzJ6WP/xB4S1uF5FrKs
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Stealer.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Stealer.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Stealer.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD53bcd2c28e672d58086c611d4edeadb6b
SHA165b414b0641f5c7de03158ac6d04a92d4c933c8b
SHA256edaf056300532aa462b3a312f193c50b6ecddbd7d845ad8ea59a02a0148be01a
SHA512b884fd8b5126d617e6e05d3c2d5470d962997127c15970ee144adcc731e081ed3acf70ff469b59e984e312406af390d01ea86950c615aca0db6f2bf09c67a27f