Analysis
-
max time kernel
570s -
max time network
456s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
01-07-2024 17:19
Behavioral task
behavioral1
Sample
Asteroid + Injector 24.5.2.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
AsteroidPC.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Sources/injector.py
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
Sources/read me.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
injector.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
injector.pyc
Resource
win10v2004-20240611-en
General
-
Target
injector.pyc
-
Size
2KB
-
MD5
648066bdfb5640cf02f7f4675cba8a88
-
SHA1
03c8ea0356349f397ef3449ad5428e01b1e71760
-
SHA256
470933e399da9e02e6e005285e69680a8b0811b3f48b19d174208f19787f8363
-
SHA512
b9420f75f84170f88f0903d98b45bb4b3dd2a004c50f84c5185dfae7bca05624a4af7aff7ea21d18510ea9fb926df522a4350b799a930587605579df47dd99be
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 2032 OpenWith.exe