Analysis

  • max time kernel
    519s
  • max time network
    529s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-06-2024 10:00

General

  • Target

    Bypass/data/addons/__pycache__/updater.cpython-311.pyc

  • Size

    2KB

  • MD5

    b96f44f83d095d36adf8df1e5e82ba2c

  • SHA1

    5ae1d8cb9408612c9400099d940acd8098262034

  • SHA256

    e624597d94e24e096136b146d0fe57665759395b5f9506d2e4d0ada2080c1e48

  • SHA512

    5c33a978d4c88e7187e88efb1ae41456911e0bd572b361258333b7a795050af0a6d5efd21d837d39cad83dd9df376fcdf5d9e240a7439115a801bef08eaff1ce

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Bypass\data\addons\__pycache__\updater.cpython-311.pyc
    • Modifies registry class
    PID:2684
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3640

Network

MITRE ATT&CK Enterprise v15
