73b06276c6ffc3658374d06065619590a1b9fd7a0c77fa1ce03e7fcb97b3ee8a

Submit
Reports

Overview

overview

Static

static

FrenniFazc...eAlpha

ubuntu-18.04-amd64

FrenniFazc...hon.so

ubuntu-18.04-amd64

FrenniFazc...python

ubuntu-18.04-amd64

FrenniFazc...ythonw

ubuntu-18.04-amd64

FrenniFazc.../zsync

ubuntu-18.04-amd64

FrenniFazc...ncmake

ubuntu-18.04-amd64

FrenniFazc...47.dll

windows10-2004-x64

FrenniFazc...GL.dll

windows7-x64

FrenniFazc...GL.dll

windows10-2004-x64

FrenniFazc...v2.dll

windows7-x64

FrenniFazc...v2.dll

windows10-2004-x64

FrenniFazc....9.dll

windows7-x64

FrenniFazc....9.dll

windows10-2004-x64

FrenniFazc...on.dll

windows7-x64

FrenniFazc...on.dll

windows10-2004-x64

FrenniFazc...-1.dll

windows7-x64

FrenniFazc...-1.dll

windows10-2004-x64

FrenniFazc...rs.dll

windows7-x64

FrenniFazc...rs.dll

windows10-2004-x64

FrenniFazc...on.exe

windows7-x64

FrenniFazc...on.exe

windows10-2004-x64

FrenniFazc...nw.exe

windows7-x64

FrenniFazc...nw.exe

windows10-2004-x64

FrenniFazc...ay.vbs

windows7-x64

FrenniFazc...ay.vbs

windows10-2004-x64

FrenniFazc...nc.exe

windows7-x64

FrenniFazc...nc.exe

windows10-2004-x64

FrenniFazc...ke.exe

windows7-x64

FrenniFazc...ke.exe

windows10-2004-x64

FrenniFazc...__.pyc

windows7-x64

FrenniFazc...__.pyc

windows10-2004-x64

FrenniFazc...le.pyc

windows7-x64

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 19:46

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/FrenniFazclaireAlpha

Resource

ubuntu1804-amd64-20240508-en

antivm

ubuntu-18.04-amd64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/librenpython.so

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/python

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/pythonw

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/zsync

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-linux-x86_64/zsyncmake

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/d3dcompiler_47.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libEGL.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libEGL.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libGLESv2.dll

Resource

win7-20240508-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libGLESv2.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libpython3.9.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libpython3.9.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/librenpython.dll

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/librenpython.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libwinpthread-1.dll

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libwinpthread-1.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/nvdrs.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/nvdrs.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/python.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/python.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/pythonw.exe

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/pythonw.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/say.vbs

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/say.vbs

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/zsync.exe

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/zsync.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/zsyncmake.exe

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/zsyncmake.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/python3.9/__future__.pyc

Resource

win7-20231129-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral31

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/python3.9/__future__.pyc

Resource

win10v2004-20240508-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral32

Sample

FrenniFazclaireAlpha-0.3.1-pc/lib/python3.9/_bootlocale.pyc

Resource

win7-20240419-en

windows7-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

FrenniFazclaireAlpha-0.3.1-pc/lib/py3-windows-x86_64/libpython3.9.dll
Size

8.3MB
MD5

8e862875cf5bf9de8e8e091a5cf810df
SHA1

e57830874833cf5d222fe8feb7fc2886e94307eb
SHA256

798ee42f93433554124426517cbb727408f2b14b737f857ba69af6e6399e3dc6
SHA512

dc5dea7d6e69bbb683516e876ccac60aaf5e4fd4a55ac256c668dae0ed87213bc217100936b1351deb8ca467d2e091fb3fcf149e8e0d9069361e87d80d7937e7
SSDEEP

98304:qtc5Q2orymbu3VOVwaAv01wgeYUXO7dPlMBLa2THxM/UZdLZwhsdzj3+opm9g0vE:ycfojhVU0ZR/hhsR3+opm9g0vHF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1244 wrote to memory of 1260	1244	rundll32.exe	WerFault.exe
PID 1244 wrote to memory of 1260	1244	rundll32.exe	WerFault.exe
PID 1244 wrote to memory of 1260	1244	rundll32.exe	WerFault.exe

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FrenniFazclaireAlpha-0.3.1-pc\lib\py3-windows-x86_64\libpython3.9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1244

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1244 -s 128
2⤵
PID:1260

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads