Overview

overview

4

Static

static

4

.SIGN.RSA....sa.pub

windows7-x64

4

.SIGN.RSA....sa.pub

windows10-2004-x64

3

usr/bin/an...munity

ubuntu-18.04-amd64

1

usr/bin/an...munity

debian-9-armhf

usr/bin/an...munity

debian-9-mips

usr/bin/an...munity

debian-9-mipsel

usr/lib/py...ect.py

windows7-x64

3

usr/lib/py...ect.py

windows10-2004-x64

3

usr/lib/py...ons.py

windows7-x64

3

usr/lib/py...ons.py

windows10-2004-x64

3

usr/lib/py...ole.py

windows7-x64

3

usr/lib/py...ole.py

windows10-2004-x64

3

usr/lib/py...aws.py

windows7-x64

3

usr/lib/py...aws.py

windows10-2004-x64

3

usr/lib/py...als.py

windows7-x64

3

usr/lib/py...als.py

windows10-2004-x64

3

usr/lib/py...ion.py

windows7-x64

3

usr/lib/py...ion.py

windows10-2004-x64

3

usr/lib/py...to3.py

windows7-x64

3

usr/lib/py...to3.py

windows10-2004-x64

3

usr/lib/py...mon.py

windows7-x64

3

usr/lib/py...mon.py

windows10-2004-x64

3

usr/lib/py...ec2.py

windows7-x64

3

usr/lib/py...ec2.py

windows10-2004-x64

usr/lib/py...ion.py

windows7-x64

3

usr/lib/py...ion.py

windows10-2004-x64

3

usr/lib/py...ags.py

windows7-x64

3

usr/lib/py...ags.py

windows10-2004-x64

3

usr/lib/py...ec2.py

windows7-x64

3

usr/lib/py...ec2.py

windows10-2004-x64

3

usr/lib/py...rds.py

windows7-x64

3

usr/lib/py...rds.py

windows10-2004-x64

3

Analysis

  • max time kernel
    160s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2023 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usr/lib/python3.11/site-packages/ansible_collections/amazon/aws/plugins/inventory/aws_rds.py

  • Size

    10KB

  • MD5

    b23ba9ad23f93c3c2736e2c5c5f5f254

  • SHA1

    e607a175972c39fa0351ba8f8ce547ef54e2f95d

  • SHA256

    db38925bf13113f7604f05778bed3e6c263587f605dfc1005b1fc06c9e015dbd

  • SHA512

    550149298c72e717084ce037a1e5b30a3415b9ea87d08ac43867d1b0cd77fdaae4418733cf8ea5eaf859f6502ac9a52ddc7db9af1de736ff890cb265be4bba44

  • SSDEEP

    192:xuuwk4KQHrnhnBonOHeM1tuWVojYXZuCMGKV5+HD2uLhk:xuusKQHrhKyuoXkCMGY+HD2uK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_rds.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_rds.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_rds.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    3c79889722d3942b8ce9753f7bd9f2a6

    SHA1

    a8c3f51e2eafdaf15af37e216fd0b70ec1524c45

    SHA256

    84ccc0e2287815e2b1e19e6d30519c0b85cdf821489cfb7c57c00bf5706fb77a

    SHA512

    7392bbbd25a65e6e6894ef41b85d5084cc9ad444feba229887de72f963a14fdc619603b5468f84517ef1cee0c185cc20493ce07e3edb0522a8fc9235e6556663

    Download Submit