Overview

overview

4

Static

static

1

python-3.1...64.exe

windows7-x64

4

python-3.1...64.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    1558s
  • max time network
    1560s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 12:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    python-3.12.1-amd64.exe

  • Size

    25.4MB

  • MD5

    3e3b6550e58772d324f7519bfa8066dc

  • SHA1

    0ab0169635dbf038775aeb286d59df394afa81b1

  • SHA256

    2437d83db04fb272af8de65eead1a2fc416b9fac3f6af9ce51a627e32b4fe8f8

  • SHA512

    f7c70d8df4bb1dd8887cbf369812dbd6f9f5f16fbddfa813cae71129a8ab57038376f7753ac1a05711e8ef2958bf4799338301579faae6c1d061063cda208c24

  • SSDEEP

    786432:isru0VWRDopwKGuH3VifwnPZAHQOkshIj4yqM3Hvv/qEf57ZzH:C0MRD0wKGuXVi4PZAwORhIj4yqM3vJf/

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\Temp\{2272D06D-3FDA-4E7D-9215-D9F4651421D5}\.cr\python-3.12.1-amd64.exe
      "C:\Windows\Temp\{2272D06D-3FDA-4E7D-9215-D9F4651421D5}\.cr\python-3.12.1-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1984

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Temp\{2272D06D-3FDA-4E7D-9215-D9F4651421D5}\.cr\python-3.12.1-amd64.exe
          Filesize

          858KB

          MD5

          a550379c156f0740ee642d8d1051bc6b

          SHA1

          a752892c15e7272e54bf85888033d39bc0a42678

          SHA256

          76d8f0d64bd4006fc84e6be1a87515f30f23f5733d43d3439b42ece10c19b61e

          SHA512

          1090a5c58a09a4fc08267eceed70ac0ccbed5a83d4a177f486e3d5fbea3a5c3b01342eb087a17ec68947ffbb053de94639cae5969a51f7a4c089d2208c72920d

          Download Submit

        • C:\Windows\Temp\{4D5367F3-CEAA-4C6D-B155-DA3DF8CE26C9}\.ba\SideBar.png
          Filesize

          50KB

          MD5

          888eb713a0095756252058c9727e088a

          SHA1

          c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

          SHA256

          79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

          SHA512

          7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

          Download Submit

        • \Windows\Temp\{4D5367F3-CEAA-4C6D-B155-DA3DF8CE26C9}\.ba\PythonBA.dll
          Filesize

          675KB

          MD5

          df09402727865d10374dc381e16d3b1a

          SHA1

          1d05751be64fb7541172d608f2fb2e3eec3145e8

          SHA256

          6f8d9a394d58bb41ae7e40732fd06d33d53aaa12905c2db78cee29c319d9f748

          SHA512

          87fcc2c443a1fc5c477ef14001aaae791d1c532c80450bd9477e62e9b8ef572195a84b712c98ced576204f17c74f7e479e4f52ae837ead2e8178b1989faa235a

          Download Submit