Overview

overview

4

Static

static

1

python-3.1...64.exe

windows7-x64

4

python-3.1...64.exe

windows10-2004-x64

4

Resubmissions

05-07-2024 23:04

240705-22ners1brd 6

05-07-2024 23:03

240705-21x8ksybrr 4

05-07-2024 23:00

240705-2y63ps1blb 6

05-07-2024 22:56

240705-2w6zxs1aqa 4

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05-07-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    python-3.12.4-amd64.exe

  • Size

    25.5MB

  • MD5

    f3df1be26cc7cbd8252ab5632b62d740

  • SHA1

    3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4

  • SHA256

    da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

  • SHA512

    2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89

  • SSDEEP

    786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\Temp\{CF74AC9F-E2C8-46C1-AC4E-2954D9C9571D}\.cr\python-3.12.4-amd64.exe
      "C:\Windows\Temp\{CF74AC9F-E2C8-46C1-AC4E-2954D9C9571D}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.python.org/downloads/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1728
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1144

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    867B

    MD5

    c5dfb849ca051355ee2dba1ac33eb028

    SHA1

    d69b561148f01c77c54578c10926df5b856976ad

    SHA256

    cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

    SHA512

    88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1776a05cb5e64e1c69fe82795dc361ae

    SHA1

    f03b9c822dc2461781e59cb9f62285208e591599

    SHA256

    55a5aa07f7f8618a4b362e0b8589968beea133ee7042caf4d1b75f4eccf1d1b5

    SHA512

    4ad152dba80dd6450d9b17b51921e50ff9ad525d1ae62a64b7c88401b4fbc022b4abac0d30896a12b9f88cf44da21c8274a7a0f15f13305dc03edfad01c82dbd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4d8cec55e2d65c14fee3b044a7571049

    SHA1

    3c34fae0e7c9a94fd897d67fa13177e734099c60

    SHA256

    731b6bd85b84318919bb54df948110756218ad4055707d45a5d46209df864808

    SHA512

    f584de2075f68aa355ad39622a87fc40f26130b30ca3f5582d296a3972be42c4705a75552aebcf4f0a94345898966e88d54d8f77f1216eabdf8384b4273ca9bc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4f36f9372a051cfc45968cf00505d60c

    SHA1

    4d7f3448738e333d2366b9a09281020071ae3f7b

    SHA256

    fa32b58d28d72d476c0b5737129a1e5d4743820c668cb62137b3876e1c6dd788

    SHA512

    f29a6e9d40f2dc6ab89250be880eaca87a3168bf1d72fec7c2caa659217f2fb4eb38a1e02345d18ed02df316cbd3461ed8771e46eded1f4101485936fa06b27f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    700539b5ff6edf49770de3b7c4b3a1b7

    SHA1

    7023b0c7238139ea3c869c374d837b9632043435

    SHA256

    3a3e332be99237d64931630e6f324b0a80b3ac5d3056578798274b710e40fee8

    SHA512

    d6f0c760257a6d57fd3737dc13dba1e27980259ec13b2aac805225e50827bc014f47712ebd98d7918fa2e8735f31710d8ae94e3182e69df878f059ebc2533c2f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    febb6837b2742985eb0453203a3389bd

    SHA1

    13b3ec9f318bebdd70584192e590e05d55dbc3e0

    SHA256

    3f62c277789eef70e09fa43ec86cb162645d71e8fb2079f2cf0780aed9834a37

    SHA512

    369ccad4b8cdbc8df6c875f8111bc287e5faf8de990d073ec3e46f76fe4d096009f5773fe81fb0844e768754bc7b60d122b6c824e43c4ebaca06138f4e1d28e5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    66c098bbe2262cf5d8890208d7ff8595

    SHA1

    379a25c0a1f11612b5bbcdd82a2d374e85dba1a1

    SHA256

    ce1038a853b269479052bdcc61a2ee65db7e9c332643e690df70f1a957cc654a

    SHA512

    a3f9cdbc5c6a06747473ef916bab2e8a7f9b08d086dd77e6abe33d473c8a940cb274a5bebeae6ad4002677c2eee40ff8639caf1724728f49af4bfae19cbde458

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ae7990d90d1f8e6f33daa577d5966cb4

    SHA1

    515bebe839c0212f321675a7c35b6143fba8961d

    SHA256

    6d29e49a0912f740b667f63cf79bfe24c0038ac189d1f2fe101e308d2f93e8ac

    SHA512

    505f63c59173dca82ed803a7e15f26f24678abadcb6b829aa700cc31f62c5d5da9fc8b7d7f490eb024039d9b1450516c39dbb981aa12878ff544824760a3e79b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    222dd3898c4d115f0a138dcb8bd68e06

    SHA1

    4bf2bffeb81a4667213699dfe9c8cd974a094270

    SHA256

    5071a63f62310c7ef154552df96a6a3c2efb12c04d8cc008ab47bd425931ef5f

    SHA512

    aa4082bcae28e1a0d610d46af9805db486780cdd2b20f2919652d75b401677085790f35323801435099098238ea580e7ccee35f499a3c24123e4ceaac7d557d9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e29efa92bd1199f643761e71c551df5d

    SHA1

    76a927cfbed2239010933d9bac9dda8f5bd81750

    SHA256

    8fa97e1c3de1ad361f2d42cdc67262f9739c7db43d2a17f70f4d8b9d92ffac28

    SHA512

    7d08a2aeee33fc59e128f8671ba514f17fd73d8dc92b84e9a6f25eb95a6ad83eb90085f6b62d19e35112548029f62ea22e4cf49f089b150726b8f771f64b529c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    45430a38bd73e348728db1ec3470927a

    SHA1

    3d7cb911931527b56a68886936db387c5994c365

    SHA256

    9e621b5f36359a187e405f9fed24b96cb1e213b35aac418a3859dd0b75a8aba3

    SHA512

    7fe4f05b12a1f9fa6dfdd00d5dcf4545cc07c46e76927ce78d3fe0906edeb52534c643f70ade3ee7283d1521d9f39a91b24eec53545a1253b417dc67148cdb06

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d21d5d1a197bfb294c4513406839021d

    SHA1

    ef675a30c44c64e54c429f1883b44cd0fb3378cc

    SHA256

    940e1b021ac5e613da134621c7d6bb21075765d3ca682aca6ccd6e425184a80d

    SHA512

    3c2ea4d2f0846f3a5d521efff11bd338ac38013845911d054c270d84bfdce6401edc60c67e1f50f98dec8a31e87552447630fb4720cd82d94a679f362ff199e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f7a0b064ec2c8b001d440a7b5943ce20

    SHA1

    5b5a42414d76db4af977570b2cb483bed360630f

    SHA256

    cdbd38cd9dfbe1448f0e35207dea5f4dbae1cd9857e27dd1805a404111717d9e

    SHA512

    c3ab90ce5728d8f5bf3054ef1c8a1d2aebaba04b68aef5665fb5a6b41b21e649ac34e9dfd9e0b248c16e7c272a45aa636d2fe5140475bb9f5c15c1908daad466

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7e3a0fd3ac5d36414b145077e8c409a2

    SHA1

    cf19d4a101565897d524da5f367b30c1caf664d6

    SHA256

    6378c36abd67f9d8d25f5bb5511a896bdb01555e68ebe3b9ee51f8a3840ae448

    SHA512

    4a752b74869eea26bc84aa6b01f1be3aa1723bf0b7ad6d6cd1dafef6913fa5ff7ef41feef87cbbee75c56fe593cf3a9cd0acc884a796a3acc2a6bc04947edc92

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0d9eae0da06ac16c80aff4337dafadf5

    SHA1

    4079e80ae0405f89c6e67a211f5fe2e68cc168d0

    SHA256

    83771899366768fe34aa41e20a3ed308b02858772c60f1491c73100d2e1558fe

    SHA512

    37a5e6d18ac005900e8302f6bad98084b6d72aab1f263724d5f582386ee1e31443cf8143d7960cde6b9df902c357330464c3a0ea5c3fdf41fb2016143e709ad7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7353ba1be45e0ce90e90786ef825744c

    SHA1

    d0760f4601893cfb3b201f5b2e6243f21ac03c41

    SHA256

    7619e4885054fd4540cd7050fb2055db3a7828bb3f14e0dc9e17baabf295f821

    SHA512

    d3350b0c666d85520427466cb75cb046b427d541459c71c94a436b1f398d46311a9e0f454cedbb50b2d4e8e1d4546174818de2feba1865087979811446c506ce

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3bab87589dec428064052b97972c2c9b

    SHA1

    15fd41d148a6423ef9c346dfc8ba9de266b93865

    SHA256

    e83ad911297df2db875b106aef74b4a6db8bffd8f9b8ad6aec688c1cc60699fb

    SHA512

    d58d3a8c8eb4e9c1d00ddd00e1e7b74c65ae92b41369444e4a5889dba0620a9142ed16b1f6384144c343746b513a34ca1d6738f9809ab386c32c16858b12440e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    161d9f2e7cef6276f528531ff9bdae77

    SHA1

    793fa9aedfa1f905553af9f1fd47e5619880ee56

    SHA256

    f115a9113d7f0bb437ef271cefa45b2d6d3b5b884d41f4fa7a62b0f6cf93cb8d

    SHA512

    7a19078dd835950125053bf98ac38e3b912289585d1306d39bb2091d5b8ed729987af66d1e7b597b5f01337710fe338c087ac00d51d53ecf3430707ce6dbf8e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55d2636ad15882f0bc615890a016d41b

    SHA1

    49dfeb14de0fa2a0fcecde6df8f107ee9f807737

    SHA256

    c6dbda34748d867b35954cc2bd37333d29c0f81c7943f0f9fb7cd527d8105f8b

    SHA512

    3530fbfdea2e582581e881d246c85b742108e49977df111d735c8507acd17d4bc2338e3f0b9dc4314c23e05bfe27d7727a8eaa8868145dc3be78472dde901cc9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    86b19dbfff04300e5f4ac429651a7fdd

    SHA1

    f848eb66df32dcd1cc0ff45d67532e0293ea87ad

    SHA256

    2647485a94c3dc0cebc613ef265efd4d9c6f1c306398426ab18c1e1ace837d59

    SHA512

    354fbc514df8ddeec94ff60788477ff454134d39829a39d9fa566cf5b5e8ce375fb928d79f347591012f999d228cfad19fdda6ec14eef3bf5f42ec554ea5b133

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    242B

    MD5

    bdf0f9bee9d31164a81c91460c3e69c0

    SHA1

    dfe9f893b88e146595dc8d1c5426f1a4fcfdc668

    SHA256

    e0a4582cedcb84c003a0ba620f268e88126e4edc0fb2418daf97dff370557cb6

    SHA512

    ba169ecb987549e46f14cc3355d29ba98d92523f8ac47ef8fcb1d70a7af839271d00fea1190f90c539d8998c0b8ffccb6fa1bcd43fb63ef3a102c9aad5f6a49e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4433.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar44D2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit
  • C:\Windows\Temp\{3468E1D2-E798-4FB1-AEA2-3826B30E824B}\.ba\SideBar.png
    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

    Download Submit
  • \Windows\Temp\{3468E1D2-E798-4FB1-AEA2-3826B30E824B}\.ba\PythonBA.dll
    Filesize

    675KB

    MD5

    e58bf4439057b22e6db8735be19d61ad

    SHA1

    415e148ecf78754a72de761d88825366aaf7afa1

    SHA256

    e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058

    SHA512

    8d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c

    Download Submit
  • \Windows\Temp\{CF74AC9F-E2C8-46C1-AC4E-2954D9C9571D}\.cr\python-3.12.4-amd64.exe
    Filesize

    858KB

    MD5

    504fdaeaa19b2055ffc58d23f830e104

    SHA1

    7071c8189d1ecd09173111f9787888723040433f

    SHA256

    8f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb

    SHA512

    01aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366

    Download Submit