Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
01-07-2024 12:51
General
-
Target
SilverTribeFree.pyc
-
Size
5KB
-
MD5
21a62bf61dbc401bbf644efe112d28f3
-
SHA1
ec59674da44ab6d12b2d76893a62b30f309f7a25
-
SHA256
b0055d611e706918d79e396ab621a0b7540d6b00d839c85134cfb0966cb15ae1
-
SHA512
34388639bcc4fc98752a8114b58874d273ff45f1085809e7f0ad61d2f9b3b535db9b07926ba2333282d2263e673ece3a66a3df1da0b24b6d9c1ab0039dc0a361
-
SSDEEP
96:Ie96XLq3nESdjNNktEO6LuwyqtTzSxGWWPOswo9QJAceNAKo1rdoKg0+bOWzi9ju:x0StN2EtyqtTvWWaxxKo1rf+KMi4L
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\SilverTribeFree.pyc1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SilverTribeFree.pyc2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SilverTribeFree.pyc"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5929547072b4ecda8ed0fdbddc96b2b7f
SHA18d3106163bd99cd464ecc7e892e6a1478a9d722d
SHA256aeca73b877d38d7341b216dd50fab4bd874f750bbc765126050319afe01bc9c0
SHA512dc18114b674c9d27c2dc0e2e52ba4c2f39723d14b3c553f4dbdb13ac2301202a1896fd8d8d7eec8280e53135b04a14291b544d8589b8987978c9f4b945b3258b