Analysis

  • max time kernel
    161s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/10/2023, 00:05

General

  • Target

    usr/lib/python3.11/site-packages/ansible_collections/amazon/aws/plugins/doc_fragments/aws_region.py

  • Size

    503B

  • MD5

    f81051be12c9c68e3f7f45e374379ae4

  • SHA1

    f5a53ca73ba9a73b2e9752a025c10905511a5f22

  • SHA256

    074b3f366d8214f956b0aff167e9940e08ab7fc2f697815eff50021069a8b708

  • SHA512

    efdb6ac0f67ad75952323853617c163e0b1df896b6aa03fb86718f433f9296d0131a06f8df0a81d631ed34cbc35551fb188f7e84cdf18bf6231f3a61b290f870

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\doc_fragments\aws_region.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\doc_fragments\aws_region.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2468
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\doc_fragments\aws_region.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    afc85bc9c6e811dae148259030c59ac5

    SHA1

    af9e5b75a1df4e3997f494d6f947475992082c29

    SHA256

    b05513ac9fcfffe8d14fa5dfdfe75f6016d43e7453d0c85167b41832596af920

    SHA512

    fa5d43a16504dfc2c10ff1e59ff99c099b673a80be50b1bdd8234bdb43c266fba6d4fc452720743354da8ab2207843b11da8f95662a8f14a95cd38adb3051adc