Analysis
-
max time kernel
138s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
01-07-2024 02:42
General
-
Target
w4sp-v2-4.pyc
-
Size
45KB
-
MD5
9416bd3645986392c2926fd29d324674
-
SHA1
8d4baadec5e349faab47c012a14c3f902baf6476
-
SHA256
4ab8668d8ca06cdfabf44231bb6a5ab8c18429522955117ff55c881d93409cfa
-
SHA512
6e1c0c479c0244a8ff706ae4ed47c8d630d8cd4e96a6a87db76a0b1d0d64c3137c72f5afcfb85371cfad6bdbc8d51a8d6c84fb72262645491c24cf2186d0b61b
-
SSDEEP
768:i9CYRCJJsXH9rtx/iat10gH3zVo/wfEqBzL1jMmSIhX9UzBQFYCH50kITCes95ZI:AcJsXH9JQw10gjWofECzLVSmeyFL0CZI
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 23 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\w4sp-v2-4.pyc1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\w4sp-v2-4.pyc2⤵