fc832a662afc57f6e5e832cc3260c3460cc22c5e1af1da1ffb11c28a98aba690 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 02:34

Sharing

Report Analysis Logs

General

Target

PyWare.exe
Size

28.9MB
MD5

37f264d6804fba919bcd4ead24217a2c
SHA1

d62991b70534a98369370b9a695c26f0f6b48deb
SHA256

fc832a662afc57f6e5e832cc3260c3460cc22c5e1af1da1ffb11c28a98aba690
SHA512

0775b344ec7ff65cc65ff9d1c683db83b5e8809470f74049a17a2f025c89ffa0346999fffc38b3e98668b0cf777910906a5727ab809365fa1b3679dc027f2eb3
SSDEEP

786432:y5B+KU1h/JyVmIGrtMIDc/SKduUetISVwFow/0391pmar0ScuVaz:yIjxyVxUtMIDkDdWwFow8t1Qarm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1908	PyWare.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1908	PyWare.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1908	2240	PyWare.exe	28
PID 2240 wrote to memory of 1908	2240	PyWare.exe	28
PID 2240 wrote to memory of 1908	2240	PyWare.exe	28

C:\Users\Admin\AppData\Local\Temp\PyWare.exe
"C:\Users\Admin\AppData\Local\Temp\PyWare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\PyWare.exe
  "C:\Users\Admin\AppData\Local\Temp\PyWare.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22402\python310.dll

Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit