3Analysis
max time kernel: 134s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-03-2024 17:59
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | pycryptoconf-1.0.6/pycryptoconf/__init__.py | win7-20240221-en
behavioral2 | pycryptoconf-1.0.6/pycryptoconf/__init__.py | win10v2004-20240226-en
behavioral3 | pycryptoconf-1.0.6/pycryptoconf/_asn1.py | win7-20240221-en
behavioral4 | pycryptoconf-1.0.6/pycryptoconf/_asn1.py | win10v2004-20240226-en
behavioral5 | pycryptoconf-1.0.6/pycryptoconf/_asymmetric.py | win7-20240221-en
behavioral6 | pycryptoconf-1.0.6/pycryptoconf/_asymmetric.py | win10v2004-20240226-en
behavioral7 | pycryptoconf-1.0.6/pycryptoconf/_cipher_suites.py | win7-20240221-en
behavioral8 | pycryptoconf-1.0.6/pycryptoconf/_cipher_suites.py | win10v2004-20240226-en
behavioral9 | pycryptoconf-1.0.6/pycryptoconf/_ecdsa.py | win7-20240221-en
behavioral10 | pycryptoconf-1.0.6/pycryptoconf/_ecdsa.py | win10v2004-20240226-en
behavioral11 | pycryptoconf-1.0.6/pycryptoconf/_errors.py | win7-20240221-en
behavioral12 | pycryptoconf-1.0.6/pycryptoconf/_errors.py | win10v2004-20240226-en
behavioral13 | pycryptoconf-1.0.6/pycryptoconf/_ffi.py | win7-20240221-en
behavioral14 | pycryptoconf-1.0.6/pycryptoconf/_ffi.py | win10v2004-20240226-en
behavioral15 | pycryptoconf-1.0.6/pycryptoconf/_int.py | win7-20240221-en
behavioral16 | pycryptoconf-1.0.6/pycryptoconf/_int.py | win10v2004-20240226-en
behavioral17 | pycryptoconf-1.0.6/pycryptoconf/_linux_bsd/trust_list.py | win7-20240221-en
behavioral18 | pycryptoconf-1.0.6/pycryptoconf/_linux_bsd/trust_list.py | win10v2004-20240226-en
behavioral19 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto.py | win7-20240220-en
behavioral20 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto.py | win10v2004-20240226-en
behavioral21 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto_cffi.py | win7-20240221-en
behavioral22 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto_cffi.py | win10v2004-20240226-en
behavioral23 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto_ctypes.py | win7-20240221-en
behavioral24 | pycryptoconf-1.0.6/pycryptoconf/_mac/_common_crypto_ctypes.py | win10v2004-20240226-en
behavioral25 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation.py | win7-20240221-en
behavioral26 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation.py | win10v2004-20240226-en
behavioral27 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation_cffi.py | win7-20240221-en
behavioral28 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation_cffi.py | win10v2004-20240226-en
behavioral29 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation_ctypes.py | win7-20240221-en
behavioral30 | pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation_ctypes.py | win10v2004-20240226-en
behavioral31 | pycryptoconf-1.0.6/pycryptoconf/_mac/_security.py | win7-20240221-en
behavioral32 | pycryptoconf-1.0.6/pycryptoconf/_mac/_security.py | win10v2004-20240226-en
General
Target: pycryptoconf-1.0.6/pycryptoconf/_mac/_core_foundation_ctypes.py
Size: 13KB
MD5: 65e959676940578bafa9e52eef8441a6
SHA1: 4f96acb7483d0adec47d15e77eea56a83812524c
SHA256: 27705cbbe2d3c116f1bfe7c9886317d0a92c76d805f839aece68fbeb5b240b09
SHA512: 9451cdababf772929e8dc50ee7597f98c35aa6b354386d1f7c15d3d8988ceb6c98ddc93f8a5a3e5b07199b6eb56eb6d099bb27598be10964755f3b98d0e8493c
SSDEEP: 96:62+B7H20BmsH6ukeHKRK4U/0P5AIYJLQgyBSHenUMcQTBn7c55rl24IZ0QXMIu2X:6n7Wwmshc0/0P5AXQtBaMcAtJoIMW
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
Processes: cmd.exe, OpenWith.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000_Classes\Local Settings | OpenWith.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: OpenWith.exe
pid | process
4520 | OpenWith.exe
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\pycryptoconf-1.0.6\pycryptoconf\_mac\_core_foundation_ctypes.py
- Modifies registry class
PID: 5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID: 4520