Overview
overview
3Static
static
1dumpsmc.py
ubuntu-18.04-amd64
1dumpsmc.py
debian-9-armhf
1dumpsmc.py
debian-9-mips
1dumpsmc.py
debian-9-mipsel
1gettools.py
ubuntu-18.04-amd64
1gettools.py
debian-9-armhf
1gettools.py
debian-9-mips
1gettools.py
debian-9-mipsel
1lnx-install.sh
ubuntu-18.04-amd64
3lnx-install.sh
debian-9-armhf
3lnx-install.sh
debian-9-mips
3lnx-install.sh
debian-9-mipsel
3lnx-uninstall.sh
ubuntu-18.04-amd64
3lnx-uninstall.sh
debian-9-armhf
3lnx-uninstall.sh
debian-9-mips
3lnx-uninstall.sh
debian-9-mipsel
3lnx-update-tools.sh
ubuntu-18.04-amd64
1lnx-update-tools.sh
debian-9-armhf
1lnx-update-tools.sh
debian-9-mips
1lnx-update-tools.sh
debian-9-mipsel
3python/_asyncio.dll
windows7-x64
python/_asyncio.dll
windows10-2004-x64
3python/_bz2.dll
windows7-x64
1python/_bz2.dll
windows10-2004-x64
3python/_ctypes.dll
windows7-x64
1python/_ctypes.dll
windows10-2004-x64
3python/_decimal.dll
windows7-x64
1python/_decimal.dll
windows10-2004-x64
3python/_el...ee.dll
windows7-x64
1python/_el...ee.dll
windows10-2004-x64
3python/_hashlib.dll
windows7-x64
1python/_hashlib.dll
windows10-2004-x64
3Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
14/07/2024, 12:48
Static task
static1
Behavioral task
behavioral1
Sample
dumpsmc.py
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral2
Sample
dumpsmc.py
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral3
Sample
dumpsmc.py
Resource
debian9-mipsbe-20240418-en
debian-9-mips
Behavioral task
behavioral4
Sample
dumpsmc.py
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral5
Sample
gettools.py
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral6
Sample
gettools.py
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral7
Sample
gettools.py
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral8
Sample
gettools.py
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral9
Sample
lnx-install.sh
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
lnx-install.sh
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral11
Sample
lnx-install.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral12
Sample
lnx-install.sh
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
lnx-uninstall.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral14
Sample
lnx-uninstall.sh
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral15
Sample
lnx-uninstall.sh
Resource
debian9-mipsbe-20240418-en
debian-9-mips
Behavioral task
behavioral16
Sample
lnx-uninstall.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral17
Sample
lnx-update-tools.sh
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral18
Sample
lnx-update-tools.sh
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral19
Sample
lnx-update-tools.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral20
Sample
lnx-update-tools.sh
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral21
Sample
python/_asyncio.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
python/_asyncio.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
python/_bz2.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
python/_bz2.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
python/_ctypes.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
python/_ctypes.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
python/_decimal.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
python/_decimal.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
python/_elementtree.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
python/_elementtree.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
python/_hashlib.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
python/_hashlib.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
python/_elementtree.dll
-
Size
186KB
-
MD5
0c93b5ca9feb29d540130d9cec35e0b2
-
SHA1
2c1a13c6be0b6973cc510ad7b8d45c770ffaa7bf
-
SHA256
5a752063688a1efb7b999cf07ba4dc65312b4ff6935bddf9b78aefd2a052df31
-
SHA512
94b9b4a4c8fb732900f8a22d9c2cc4f7c11b04ef1e9be3713a0413a0d647cfc6fde51d118f47dd5fa59a691b4ab50d5a334e9342fa9c560ba8130861f3940974
-
SSDEEP
3072:1wppTvTFDbLx7eTeLmtRPiEXaXHyigMi2eTY6e2z7jnt18rV5l1Iz1fog523xM:WtLnLmtRSXHDZe86e2zHsrV5lq
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30 PID 3028 wrote to memory of 2020 3028 rundll32.exe 30