Analysis

  • max time kernel
    237s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-10-2023 05:26

General

  • Target

    exe.win-amd64-3.11/lib/Cryptodome/Cipher/AES.pyc

  • Size

    8KB

  • MD5

    feacb7a61455be14be008e1074f849e9

  • SHA1

    8ce9c63b8410a53a459e0388cc482f8b985e2342

  • SHA256

    47dab4326f983b329e3bb7b91f6284c9644ca0d3e3c4d11ce59c4514bb2c32f7

  • SHA512

    2c57a7445fcae606007958158c77fe084c5ad0feab027427057e2b7da39d26d305c86d934963dedd7decda4fe4ddfe4bcb9fa712515c9d3f749f291647b7b354

  • SSDEEP

    192:8e65nM89EXW/NjsHXk/y+ItPdZ9QjLslFdgggy/o:8/9BVhGtPFQjLslFTo

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\exe.win-amd64-3.11\lib\Cryptodome\Cipher\AES.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\exe.win-amd64-3.11\lib\Cryptodome\Cipher\AES.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\exe.win-amd64-3.11\lib\Cryptodome\Cipher\AES.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d661b846001dbfe3d8dffd296c40dcf4

    SHA1

    b9d55c0c600d423ba2241671f73be5f35da6bfff

    SHA256

    11d86394e37214528dff8a230f040227a361ab2faef027ee3b18b8d56799ef02

    SHA512

    edccdf92df7ac1fa7b8e8802545c880c855d2c6e475090ddfa48fa1dc59c5c1a5b0f43d0f853d6f76199877f13135776ca12cf743b9e8a18e6e4f8e6d53a0f4c