Malware Analysis Report

2024-11-30 11:48

Sample ID 231012-hj2d5aef39
Target 6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e
SHA256 6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e
Tags
pyinstaller pysilon upx
Score
10/10


Analysis Overview

Score
10/10

SHA256

6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e

Threat Level: Known bad

The file 6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx

Detect Pysilon

Pysilon family

UPX packed file

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-10-12 06:47

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-12 06:46

Reported

2023-10-13 12:21

Platform

win7-20230831-en

Max time kernel

218s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe

"C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe"

C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe

"C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29682\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

\Users\Admin\AppData\Local\Temp\_MEI29682\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

memory/2792-1242-0x000007FEF55D0000-0x000007FEF5BB9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-12 06:46

Reported

2023-10-13 12:21

Platform

win10v2004-20230915-en

Max time kernel

217s

Max time network

258s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe

"C:\Users\Admin\AppData\Local\Temp\6ec269438a88b7045fa59ab1f3f40bedba8daaafa8f84f44cca9f42609ccdd9e.exe"

Network

Country  Destination  Domain                          Proto
US       8.8.8.8:53   8.8.8.8.in-addr.arpa            udp
US       8.8.8.8:53   146.78.124.51.in-addr.arpa      udp
US       8.8.8.8:53   8.3.197.209.in-addr.arpa        udp
US       8.8.8.8:53   74.32.126.40.in-addr.arpa       udp
US       8.8.8.8:53   108.211.229.192.in-addr.arpa    udp
US       8.8.8.8:53   241.154.82.20.in-addr.arpa      udp
US       8.8.8.8:53   86.23.85.13.in-addr.arpa        udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53   1.208.79.178.in-addr.arpa       udp
US       8.8.8.8:53   29.81.57.23.in-addr.arpa        udp
US       8.8.8.8:53   130.109.69.13.in-addr.arpa      udp
US       8.8.8.8:53   2.136.104.51.in-addr.arpa       udp
US       8.8.8.8:53   26.35.223.20.in-addr.arpa       udp
US       8.8.8.8:53   205.47.74.20.in-addr.arpa       udp

Files

N/A