Malware Analysis Report

2024-11-13 15:24

Sample ID: 240618-2tw2yasfqn
Target: Window Renamer.exe
SHA256: 2b0a5b3b41371469cba89974d25e3f71bd31923d085236b9ab23702ae8faa395
Tags: pyinstaller
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 2b0a5b3b41371469cba89974d25e3f71bd31923d085236b9ab23702ae8faa395

Threat Level: Shows suspicious behavior

The file Window Renamer.exe was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-18 22:52

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-18 22:52
Reported: 2024-06-18 22:55
Platform: win10v2004-20240611-en
Max time kernel: 124s
Max time network: 128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe

"C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"

C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe

"C:\Users\Admin\AppData\Local\Temp\Window Renamer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:8

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10122\python311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI10122\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI10122\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI10122\win32\win32gui.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI10122\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI10122\pywin32_system32\pywintypes311.dll
