Malware Analysis Report

2024-11-30 11:46

Sample ID 231011-h6e5eahe41
Target Nameless.exe
SHA256 771e2e9dd2f23b339fa2002611ff226eb19c002ddd71f5c9c506bffe65c89ac9
Tags
pyinstaller pysilon upx
score
10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

771e2e9dd2f23b339fa2002611ff226eb19c002ddd71f5c9c506bffe65c89ac9

Threat Level: Known bad

The file Nameless.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx

Detect Pysilon

Pysilon family

Loads dropped DLL

UPX packed file

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-11 07:20

Signatures

Detect Pysilon

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-11 07:20

Reported

2023-10-11 10:32

Platform

win7-20230831-en

Max time kernel

120s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nameless.exe"

Signatures

Loads dropped DLL

Description | Indicator | Process                                        | Target
N/A         | N/A       | C:\Users\Admin\AppData\Local\Temp\Nameless.exe | N/A

UPX packed file

upx

Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A
N/A         | N/A       | N/A     | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Nameless.exe

"C:\Users\Admin\AppData\Local\Temp\Nameless.exe"

C:\Users\Admin\AppData\Local\Temp\Nameless.exe

"C:\Users\Admin\AppData\Local\Temp\Nameless.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21562\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

\Users\Admin\AppData\Local\Temp\_MEI21562\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

memory/2756-1243-0x000007FEF5C10000-0x000007FEF61F9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-11 07:20

Reported

2023-10-11 10:38

Platform

win10v2004-20230915-en

Max time kernel

253s

Max time network

271s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nameless.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Nameless.exe

"C:\Users\Admin\AppData\Local\Temp\Nameless.exe"

Network

Country | Destination | Domain                       | Proto
US      | 8.8.8.8:53  | 8.8.8.8.in-addr.arpa         | udp
US      | 8.8.8.8:53  | 14.227.111.52.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 2.159.190.20.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 112.208.253.8.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 95.221.229.192.in-addr.arpa  | udp
US      | 8.8.8.8:53  | 55.36.223.20.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 153.141.79.40.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 157.123.68.40.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 18.31.95.13.in-addr.arpa     | udp
US      | 8.8.8.8:53  | 126.211.247.8.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 133.32.126.40.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 208.194.73.20.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 26.35.223.20.in-addr.arpa    | udp

Files

N/A