Overview

overview

8

Static

static

3

A Installe...up.exe

windows7-x64

7

A Installe...up.exe

windows10-2004-x64

4

A Installe...er.bat

windows7-x64

1

A Installe...er.bat

windows10-2004-x64

1

A Installe...er.bat

windows7-x64

1

A Installe...er.bat

windows10-2004-x64

1

A Installe...at.exe

windows7-x64

1

A Installe...at.exe

windows10-2004-x64

6

A Installe...79.exe

windows7-x64

8

A Installe...79.exe

windows10-2004-x64

8

NPFInstall.exe

windows7-x64

4

NPFInstall.exe

windows10-2004-x64

4

x64/NPFInstall.exe

windows7-x64

4

x64/NPFInstall.exe

windows10-2004-x64

4

A Installe...64.exe

windows7-x64

4

A Installe...64.exe

windows10-2004-x64

4

GoldHEN-beta.zip

windows7-x64

1

GoldHEN-beta.zip

windows10-2004-x64

1

GoldHEN-be...en.bin

windows7-x64

3

GoldHEN-be...en.bin

windows10-2004-x64

3

pppwn GUI/....5.exe

windows7-x64

7

pppwn GUI/....5.exe

windows10-2004-x64

7

pppwn.pyc

windows7-x64

3

pppwn.pyc

windows10-2004-x64

3

pppwn GUI/...on.zip

windows7-x64

1

pppwn GUI/...on.zip

windows10-2004-x64

1

Unpacked/p...r2.dll

windows7-x64

1

Unpacked/p...r2.dll

windows10-2004-x64

1

Unpacked/p....5.exe

windows7-x64

7

Unpacked/p....5.exe

windows10-2004-x64

1

Unpacked/p...n_.exe

windows7-x64

7

Unpacked/p...n_.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A Installer/python-3.12.3-amd64.exe

  • Size

    25.5MB

  • MD5

    c86949710e0471a065db970290819489

  • SHA1

    b1207fba545a75841e2dbca2ad4f17b26414e0c1

  • SHA256

    edfc6c84dc47eebd4fae9167e96ff5d9c27f8abaa779ee1deab9c3d964d0de3c

  • SHA512

    0e19181bc121518b5ef154fecc57a837e73f36143b9cb51114bd3f54056bc09977abc1e4ef145a03344d9ad2b8e49faa483b4ef70e4176af2bc17a8e5a3cd4ac

  • SSDEEP

    786432:QqJaMb8rrFiWxc+HI9gEPYZG07rn7EBFsMEbi:FmrrFiEHHEPYtrFtbi

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A Installer\python-3.12.3-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\A Installer\python-3.12.3-amd64.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Windows\Temp\{1C7E5948-1F25-415F-8F7F-78A928D81D54}\.cr\python-3.12.3-amd64.exe
      "C:\Windows\Temp\{1C7E5948-1F25-415F-8F7F-78A928D81D54}\.cr\python-3.12.3-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\A Installer\python-3.12.3-amd64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=544
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3724

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{1C7E5948-1F25-415F-8F7F-78A928D81D54}\.cr\python-3.12.3-amd64.exe
    Filesize

    858KB

    MD5

    d6958b9b90d2667936691080102ecc18

    SHA1

    c8e252d4926c81b4143aaeb89957662464eb3cd4

    SHA256

    ebee7043423bc83b3e8c8dde159e660cf15b376e248c3f8385b5076b85083614

    SHA512

    f49059a69df60cf3f6fb22787ff02809e5a8190777fa81c8672c14f9f104b2b7b1cb339a2773facb6dc450bcb51c4a0f80099fb0e992f7226c9ebcc56cf040e5

    Download Submit
  • C:\Windows\Temp\{F0DC0FA8-BE3E-4368-BD8A-7030AF103045}\.ba\PythonBA.dll
    Filesize

    675KB

    MD5

    74bbd9179465851bc0145bf1ca37c73a

    SHA1

    09fdc7061d81f2a2fa548169f2239cdc2e76979d

    SHA256

    17e381ff07daf726967a8c4c66eeb4e8e2a56f9b722bde953827ce7971460e0b

    SHA512

    d5b99d4264c39740fcfad886168054070f7b0144cd1dad9bf858e8b72c6fef90a07da8ae1a4e9554645da84dd69e823a6259a0c30214b343b4e48ab81fa382d4

    Download Submit
  • C:\Windows\Temp\{F0DC0FA8-BE3E-4368-BD8A-7030AF103045}\.ba\SideBar.png
    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

    Download Submit