Analysis
-
max time kernel
118s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
01-07-2024 02:42
General
-
Target
w4sp-v2-4.pyc
-
Size
45KB
-
MD5
9416bd3645986392c2926fd29d324674
-
SHA1
8d4baadec5e349faab47c012a14c3f902baf6476
-
SHA256
4ab8668d8ca06cdfabf44231bb6a5ab8c18429522955117ff55c881d93409cfa
-
SHA512
6e1c0c479c0244a8ff706ae4ed47c8d630d8cd4e96a6a87db76a0b1d0d64c3137c72f5afcfb85371cfad6bdbc8d51a8d6c84fb72262645491c24cf2186d0b61b
-
SSDEEP
768:i9CYRCJJsXH9rtx/iat10gH3zVo/wfEqBzL1jMmSIhX9UzBQFYCH50kITCes95ZI:AcJsXH9JQw10gjWofECzLVSmeyFL0CZI
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\w4sp-v2-4.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\w4sp-v2-4.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\w4sp-v2-4.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD519f3f8d789025826666f6cf495cead92
SHA120ac1c66e365172a2e1d164a73db7a961eb46c4b
SHA256c24f2b503dc1abb94141107ad267a02195aeb9e5f5ee5761041573ea67be4502
SHA5120ba4694ce74ed766a68c70eee91f611e383cb801d8be86a13633f9bc703755312798cc89eb2735a3e5f59ef3f2c22a0f5c42439c4f81acb426500900aec99532