Resubmissions

19/02/2024, 16:39

240219-t5xhvagh58 1

19/02/2024, 16:09

240219-tl5p4sgb33 4

Analysis

  • max time kernel
    140s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/02/2024, 16:09

General

  • Target

    python-3.12.1-amd64.exe

  • Size

    25.4MB

  • MD5

    3e3b6550e58772d324f7519bfa8066dc

  • SHA1

    0ab0169635dbf038775aeb286d59df394afa81b1

  • SHA256

    2437d83db04fb272af8de65eead1a2fc416b9fac3f6af9ce51a627e32b4fe8f8

  • SHA512

    f7c70d8df4bb1dd8887cbf369812dbd6f9f5f16fbddfa813cae71129a8ab57038376f7753ac1a05711e8ef2958bf4799338301579faae6c1d061063cda208c24

  • SSDEEP

    786432:isru0VWRDopwKGuH3VifwnPZAHQOkshIj4yqM3Hvv/qEf57ZzH:C0MRD0wKGuXVi4PZAwORhIj4yqM3vJf/

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\Temp\{A614189A-DBC8-471F-8D00-F58289290D6F}\.cr\python-3.12.1-amd64.exe
      "C:\Windows\Temp\{A614189A-DBC8-471F-8D00-F58289290D6F}\.cr\python-3.12.1-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.1-amd64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=692
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4412

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\{264F1A6C-38C5-456C-B72F-9E7AAA1BCB35}\.ba\PythonBA.dll

    Filesize

    675KB

    MD5

    df09402727865d10374dc381e16d3b1a

    SHA1

    1d05751be64fb7541172d608f2fb2e3eec3145e8

    SHA256

    6f8d9a394d58bb41ae7e40732fd06d33d53aaa12905c2db78cee29c319d9f748

    SHA512

    87fcc2c443a1fc5c477ef14001aaae791d1c532c80450bd9477e62e9b8ef572195a84b712c98ced576204f17c74f7e479e4f52ae837ead2e8178b1989faa235a

  • C:\Windows\Temp\{264F1A6C-38C5-456C-B72F-9E7AAA1BCB35}\.ba\SideBar.png

    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

  • C:\Windows\Temp\{A614189A-DBC8-471F-8D00-F58289290D6F}\.cr\python-3.12.1-amd64.exe

    Filesize

    858KB

    MD5

    a550379c156f0740ee642d8d1051bc6b

    SHA1

    a752892c15e7272e54bf85888033d39bc0a42678

    SHA256

    76d8f0d64bd4006fc84e6be1a87515f30f23f5733d43d3439b42ece10c19b61e

    SHA512

    1090a5c58a09a4fc08267eceed70ac0ccbed5a83d4a177f486e3d5fbea3a5c3b01342eb087a17ec68947ffbb053de94639cae5969a51f7a4c089d2208c72920d