Overview

overview

3

Static

static

1

PyPhisher-...her.py

windows7-x64

3

PyPhisher-...her.py

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PyPhisher-main/pyphisher.py

  • Size

    49KB

  • MD5

    440cb99e3dcbffce5d967f54e2347b20

  • SHA1

    193d20b7504bdfc49dd4d2686e97f23ef67b05fb

  • SHA256

    cacfb783df52798729adaa65eca7bae12ade081236fe441be02abc37229a66d0

  • SHA512

    aeeca1b879924f599d85f58f59af0737ebb97b2b118af97b77da062c3916f250f85fe0d58c362747a7eedd4fe715d79fe5f4fbd7c5377a30ef063ca772356dd5

  • SSDEEP

    1536:ni4skQKgqHUgqvSmsdYapkv+JolUH73TmvQtZ:+0HU+ms/GQ73TmwZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PyPhisher-main\pyphisher.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PyPhisher-main\pyphisher.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PyPhisher-main\pyphisher.py"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    411051db0c15645e011d1302715a9419

    SHA1

    016daae0461aaeaf9b87e54d11241e1820ce27b5

    SHA256

    a2cdd4554b3949bc4e60b49c96100800e6c6dd534104b6643cb35bd97ce3f27e

    SHA512

    7536ad077d53310262b308a5640a53f307b056f4248d7d2d0840a0f101752f7b92a8fbe5680c415ed6cd2c0824712fbb179d73537dd722b45c8677b93fa1590a

    Download Submit