Malware Analysis Report

2025-04-14 03:25

Sample ID 240612-sjsgbstbrj
Target PyFlooder
SHA256 895638cf291c80b61001c3630661f43e308dcf8591b0e3f39f7f2c87f2eb904c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

895638cf291c80b61001c3630661f43e308dcf8591b0e3f39f7f2c87f2eb904c

Threat Level: No (potentially) malicious behavior was detected

The file PyFlooder was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:09

Reported

2024-06-12 15:11

Platform

win10-20240404-en

Max time kernel

79s

Max time network

81s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\PyFlooder

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\PyFlooder

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:09

Reported

2024-06-12 15:13

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

172s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\PyFlooder

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\PyFlooder

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3024,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=3884 /prefetch:8

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.75:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 75.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A