Analysis

  • max time kernel
    151s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/10/2023, 00:05

General

  • Target
    usr/lib/python3.11/site-packages/ansible_collections/amazon/aws/plugins/inventory/aws_ec2.py
  • Size
    40KB
  • MD5
    61628539ed2269e817a36964ae126a30
  • SHA1
    3be89dfba4f7f9092330980019673a6a142e02a3
  • SHA256
    8112d334c0be0daf68d9f28bb771c3ebc887aa27f2b966f2a261a0ed8ee44cc2
  • SHA512
    ebb9e4491b5fb65e2323470ea231ff32692e193f235467cf2f25cf389109238fd76c20a224b2f3ffdbbd7c9b0e32934d65303d6383202288bc6f882383332690
  • SSDEEP
    768:df8z1G5dGRH9XMsYUZSbqkSr/jhXjY5hfDbGUI:A1G5dO9DLZSbqkSr9jY5hLbGUI

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_ec2.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_ec2.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\usr\lib\python3.11\site-packages\ansible_collections\amazon\aws\plugins\inventory\aws_ec2.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2444

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize
    3KB
    MD5
    b39b81ef72fa9cfa1737ea825c0e78ec
    SHA1
    c9004c4e42ad2bd330e97d9059ba8128aaa02a4e
    SHA256
    a2cdb3afa38002a380138d5d931b45d4ea77f39accf82474b664b2edeb3fb1c7
    SHA512
    b0bc1000938e8161431e756500ef63c7557c89ce02b40bba066ed3ee26814d95835a9a9b58a23baff96cfe946446a2b5ebcccde325983bfbe4522c18d24fc759