Overview

overview

4

Static

static

1

.SIGN.RSA....sa.pub

windows7-x64

4

.SIGN.RSA....sa.pub

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...es.pyc

windows7-x64

3

usr/lib/py...es.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

usr/lib/py...aw.pyc

windows7-x64

3

usr/lib/py...aw.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

1

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

usr/lib/py...11.pyc

windows7-x64

3

usr/lib/py...11.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    245s
  • max time network
    312s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07/10/2023, 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usr/lib/python3.11/site-packages/ansible_collections/amazon/aws/plugins/inventory/__pycache__/aws_ec2.cpython-311.pyc

  • Size

    36KB

  • MD5

    e4b2a5825b9d1d8bb5b7d43befe60a83

  • SHA1

    c4efb630ab004bfdafa36ff1164c00549a449eca

  • SHA256

    80cfdaeb2f2179dba11376758a6e6d06db13c8cb432936d049a6e446dc0bc553

  • SHA512

    2bccd151cb0bc06c1ecaa39522b77d3601053b7e7569384db317080ddf9bd9c40d8401d5fd305ba987e47019b8edc113364b132609953724bd232be007b6c9a3

  • SSDEEP

    768:e5Fdfj5duRH9UY6ALlCimd3OCdV3cyg+FMQ+pm4F8rzussOa7eN:ebdfj5dG9oKCimd3OCnDRuizuCPN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\__pycache__\aws_ec2.cpython-311.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\__pycache__\aws_ec2.cpython-311.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\__pycache__\aws_ec2.cpython-311.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    116bb6b0600dcc9af9200c0fa6324b2a

    SHA1

    aa92bbfbbe0f08ee7aa421f2c1ca821f3532843c

    SHA256

    c56c2e56d10f1b7f06057fd989c98f47a18f814943757ac8afad4c4ac036662b

    SHA512

    19228f4b78c88f68844530f49be8a339bbd519cd4d125cd9a4de27509ee3503eff9bdc64fbf0855b36c526a45c119c1fd4370280c6affe8c7f49de5ec6faefa2

    Download Submit