Overview

overview

8

Static

static

3

dex.py

windows11-21h2-x64

8

index.html

windows11-21h2-x64

1

launch.bat

windows11-21h2-x64

1

objects.py

windows11-21h2-x64

3

olympia.py

windows11-21h2-x64

3

pyarmor_ru...t__.py

windows11-21h2-x64

3

pyarmor_ru...12.pyc

windows11-21h2-x64

3

pyarmor_ru...me.dll

windows11-21h2-x64

1

synapse.py

windows11-21h2-x64

3

Resubmissions

22-02-2024 23:12

240222-2695bsgf99 3

22-02-2024 23:07

240222-233wvagf86 8

22-02-2024 23:03

240222-21plfagb6x 8

Analysis

  • max time kernel
    30s
  • max time network
    141s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-02-2024 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launch.bat

  • Size

    55B

  • MD5

    eba1cce2735dee5889cd301bd8d6920c

  • SHA1

    8603ce6f40ca1e7c96e2d0f73bea0c7f2ce060d1

  • SHA256

    1a657bd8ee49122a706ee9e7f59d53e8c052213d94febb48134b8e64789f5b92

  • SHA512

    3c40369fe4755196579a1ac2783e6069d0a49bd159641973e3576b295351495ae7de87085915517e7e9da6f8a601d2658affe63dddaeef8e3869f5a44ce9521b

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\launch.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
      python olympia.py
      2⤵
        PID:3964

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads