Overview

overview

6

Static

static

1

python-3.1...64.exe

windows7-x64

4

python-3.1...64.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    python-3.11.0-amd64.exe

  • Size

    24.0MB

  • MD5

    4fe11b2b0bb0c744cf74aff537f7cd7f

  • SHA1

    b4f5627009f897d3ce9664242e7f7968b55759f1

  • SHA256

    b5884fa3f05f88bbb617d08584930770c00bbcf675f2865a9161c2358829b605

  • SHA512

    80f535f7bc5a3d0a7d645c432ec8fdc86474e129d318c474bec043b568d969e989f2d1d3cde955d4316405e2dcce74aa07adc4734756cb833495910f443c3a13

  • SSDEEP

    393216:eDU6aubdmT1K7iJC6b+dm9kgTWrB3ldBVO9dJiNQbaWd6LwnCtYr6ICEy6uafw:eDUCY1I6KI9kgTiPdjWaypdwxc9Nyyfw

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\python-3.11.0-amd64.exe
    "C:\Users\Admin\AppData\Local\Temp\python-3.11.0-amd64.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\Temp\{8FA4710F-A603-4CBB-BF87-E1DCC4C9695B}\.cr\python-3.11.0-amd64.exe
      "C:\Windows\Temp\{8FA4710F-A603-4CBB-BF87-E1DCC4C9695B}\.cr\python-3.11.0-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.11.0-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\{559A3A04-2FC3-43FA-89EC-C71D5DAD6BD7}\.ba\SideBar.png
    Filesize

    50KB

    MD5

    888eb713a0095756252058c9727e088a

    SHA1

    c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

    SHA256

    79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

    SHA512

    7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

    Download Submit

  • C:\Windows\Temp\{8FA4710F-A603-4CBB-BF87-E1DCC4C9695B}\.cr\python-3.11.0-amd64.exe
    Filesize

    855KB

    MD5

    7711c60d5db60b1dfd6660016cf02d6f

    SHA1

    6b38524ee7961e9bd224c75ead54449c0d77bb12

    SHA256

    f13fda5a87d010e15eb167e5dcaec27121e4427ae9c8c9991db95ed5fe36de1b

    SHA512

    55aac69297dd5a19d8a78e0e36ce6be23d940d26ac4831e1db09c9aa5b43243158b8f2b24df4a2638b98442c305b0bd1547d8c597c8339e5938e73417820ac37

    Download Submit

  • \Windows\Temp\{559A3A04-2FC3-43FA-89EC-C71D5DAD6BD7}\.ba\PythonBA.dll
    Filesize

    671KB

    MD5

    5d8fa952950469a8904e4f68ac193699

    SHA1

    ce9f68fb9601b9a5b95fc93c88a3a22ed42afa3d

    SHA256

    ca7527124a97079c229332867bd27fede3eb263a52639b4bdaf39ed47e604e57

    SHA512

    58c43a813ff9f5bebe2928e68b7f28f999922248ccc6e8cf6ce5f14baf6aa42b9b8e59fe9b638c5376e7e4e86fe21eae185fd51328b7b000bbe6903794e161b4

    Download Submit