Overview

overview

5

Static

static

3

Python/Lau...py.exe

windows7-x64

1

Python/Lau...py.exe

windows10-2004-x64

3

Python/Lau...64.dll

windows7-x64

5

Python/Lau...64.dll

windows10-2004-x64

5

Python/Lau...yw.exe

windows7-x64

1

Python/Lau...yw.exe

windows10-2004-x64

3

Python/Pyt...io.dll

windows7-x64

1

Python/Pyt...io.dll

windows10-2004-x64

1

Python/Pyt...z2.dll

windows7-x64

1

Python/Pyt...z2.dll

windows10-2004-x64

1

Python/Pyt...es.dll

windows7-x64

1

Python/Pyt...es.dll

windows10-2004-x64

1

Python/Pyt...st.dll

windows7-x64

1

Python/Pyt...st.dll

windows10-2004-x64

1

Python/Pyt...al.dll

windows7-x64

1

Python/Pyt...al.dll

windows10-2004-x64

1

Python/Pyt...ee.dll

windows7-x64

1

Python/Pyt...ee.dll

windows10-2004-x64

1

Python/Pyt...ib.dll

windows7-x64

1

Python/Pyt...ib.dll

windows10-2004-x64

1

Python/Pyt...ma.dll

windows7-x64

1

Python/Pyt...ma.dll

windows10-2004-x64

1

Python/Pyt...si.dll

windows7-x64

1

Python/Pyt...si.dll

windows10-2004-x64

1

Python/Pyt...ng.dll

windows7-x64

1

Python/Pyt...ng.dll

windows10-2004-x64

1

Python/Pyt...ed.dll

windows7-x64

1

Python/Pyt...ed.dll

windows10-2004-x64

1

Python/Pyt...ue.dll

windows7-x64

1

Python/Pyt...ue.dll

windows10-2004-x64

1

Python/Pyt...e3.dll

windows7-x64

1

Python/Pyt...e3.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 15:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Python/Python312/DLLs/_multiprocessing.dll

  • Size

    34KB

  • MD5

    a4281e383ef82c482c8bda50504be04a

  • SHA1

    4945a2998f9c9f8ce1c078395ffbedb29c715d5d

  • SHA256

    467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c

  • SHA512

    661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

  • SSDEEP

    768:eovdQkOU3QzbxQ0zTdFIjWtJ5YiSyv3ORAMxkEW:3lNynxQ0zTdFIjWtX7Sy25xS

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Python\Python312\DLLs\_multiprocessing.dll,#1
    1⤵
      PID:4108

    Network

    • flag-us
      DNS
      71.31.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.31.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.21.107.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.21.107.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      71.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.190.18.2.in-addr.arpa
      IN PTR
      Response
      71.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-71deploystaticakamaitechnologiescom
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      36.56.20.217.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      36.56.20.217.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • 13.107.21.237:443
      g.bing.com
      tls
      2.0kB
       9.3kB
       22
      19
    • 52.111.243.31:443
      322 B
       7
    • 8.8.8.8:53
      71.31.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      71.31.126.40.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      13.107.21.237
      204.79.197.237

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      237.21.107.13.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      237.21.107.13.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      71.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      71.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      36.56.20.217.in-addr.arpa
      dns
      71 B
       131 B
       1
      1

      DNS Request

      36.56.20.217.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.