Malware Analysis Report

2025-05-05 21:13

Sample ID 240626-ybfqfszdma
Target main.exe
SHA256 c1f9ff22da89d7231653000c4cc24f0f9eaf73adaca9762245888e9eece5b243
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c1f9ff22da89d7231653000c4cc24f0f9eaf73adaca9762245888e9eece5b243

Threat Level: Shows suspicious behavior

The file main.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-26 19:36

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 19:36

Reported

2024-06-26 19:39

Platform

win10-20240404-en

Max time kernel

134s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22802\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI22802\python310.dll

MD5 c80b5cb43e5fe7948c3562c1fff1254e
SHA1 f73cb1fb9445c96ecd56b984a1822e502e71ab9d
SHA256 058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20
SHA512 faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

C:\Users\Admin\AppData\Local\Temp\_MEI22802\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI22802\base_library.zip

MD5 a417d93a6143e527d07f05790d9402f3
SHA1 ee7e24bd19e76cb66c2f018c4d1fd77e81754601
SHA256 f1e43a996ec3aa5e639a1847699fbe139e7105f7158a92e87e62e1983f7825ce
SHA512 3fbde2e5be17e3a43dd4b6c0b81792b3a8296bdb28277d700e10a8793cfd3b188144f108f51fd0188e9e2f41b2289c9977ff0987856bced93219243f78e8214a

C:\Users\Admin\AppData\Local\Temp\_MEI22802\_bz2.pyd

MD5 a4b636201605067b676cc43784ae5570
SHA1 e9f49d0fc75f25743d04ce23c496eb5f89e72a9a
SHA256 f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c
SHA512 02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

C:\Users\Admin\AppData\Local\Temp\_MEI22802\_lzma.pyd

MD5 b5fbc034ad7c70a2ad1eb34d08b36cf8
SHA1 4efe3f21be36095673d949cceac928e11522b29c
SHA256 80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6
SHA512 e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c