Resubmissions

10/06/2024, 13:26 UTC

240610-qpxbcsxbra 8

10/06/2024, 13:22 UTC

240610-qmq2kaxfll 8

10/06/2024, 13:16 UTC

240610-qh9m4swhle 8

Analysis

  • max time kernel
    51s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 13:16 UTC

General

  • Target

    PySilon-malware-main/resources/source_code/crypto_clipper.py

  • Size

    4KB

  • MD5

    8e512488105128ef43b45a026c02bcb2

  • SHA1

    3728ddbb7f1af53bd3c0a3afce4bf38e99fa7b6f

  • SHA256

    a10f1d124d8b4d22cb0a612493c747d06209dd3a793965fda8b4de9d075ff34e

  • SHA512

    46118eac86c291bb7e46bf1a9ea07d62388a3e09f25d79c69e08d42f3bdaf6be68dcb60d8e69936c80f97b0dddfcacc6e073a221736f808a4d744ba6aabc8864

  • SSDEEP

    96:a1LoVOBa5ASQtCd45yO5HvgyKo/WzIRLTwM/hRBSLUrPlb/W/R//tXM/xR0:xOBa5ASQtCd4IO5Pv+0iMJXTZ+/Z/pMQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\source_code\crypto_clipper.py
    PID:2724
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID:1040
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

  • DNS (5 identical requests, geo flag: us)
    Remote address: 8.8.8.8:53
    Request: 8.8.8.8.in-addr.arpa IN PTR
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
    5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15
