Overview

overview

3

Static

static

3

DrawBot.zip

windows10-2004-x64

1

DrawBot/MSVCP140.dll

windows10-2004-x64

3

DrawBot/MS..._1.dll

windows10-2004-x64

3

DrawBot/PI...32.dll

windows10-2004-x64

3

DrawBot/PI...32.dll

windows10-2004-x64

3

DrawBot/PI...32.dll

windows10-2004-x64

3

DrawBot/Py...on.dll

windows10-2004-x64

3

DrawBot/Py..._ar.qm

windows10-2004-x64

3

DrawBot/Py..._bg.qm

windows10-2004-x64

3

DrawBot/Py..._ca.qm

windows10-2004-x64

3

DrawBot/Py..._cs.qm

windows10-2004-x64

3

DrawBot/Py..._da.qm

windows10-2004-x64

3

DrawBot/Py..._de.qm

windows10-2004-x64

3

DrawBot/Py..._en.qm

windows10-2004-x64

3

DrawBot/Py..._es.qm

windows10-2004-x64

3

DrawBot/Py..._fi.qm

windows10-2004-x64

3

DrawBot/Py..._fr.qm

windows10-2004-x64

3

DrawBot/Py..._gd.qm

windows10-2004-x64

3

DrawBot/Py..._he.qm

windows10-2004-x64

3

DrawBot/Py..._hu.qm

windows10-2004-x64

3

DrawBot/Py..._it.qm

windows10-2004-x64

3

DrawBot/Py..._ja.qm

windows10-2004-x64

3

DrawBot/Py..._ko.qm

windows10-2004-x64

3

DrawBot/Py..._lv.qm

windows10-2004-x64

3

DrawBot/Py..._pl.qm

windows10-2004-x64

3

DrawBot/Py..._ru.qm

windows10-2004-x64

3

DrawBot/Py..._sk.qm

windows10-2004-x64

3

DrawBot/Py..._tr.qm

windows10-2004-x64

3

DrawBot/Py..._uk.qm

windows10-2004-x64

3

DrawBot/Py..._TW.qm

windows10-2004-x64

3

DrawBot/_socket.dll

windows10-2004-x64

3

DrawBot/ba...ry.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/08/2024, 17:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DrawBot/PIL/_webp.cp38-win32.dll

  • Size

    430KB

  • MD5

    a3296e2693fb114d5ffe53cad3e8846b

  • SHA1

    4dbe57ec4f65305eb1c0ac59439d35d03d3c3a8b

  • SHA256

    bf21c3ed18c838caf572d0ed80a0b9bc3cf6bb6a84313c547e5c5806c77e68ff

  • SHA512

    614a2fafaaacd6d30c5a97c10c8ad19f8b97938d5cd15648843b00694490d157aafec95592ba912b978cf06a24a2719fc55a8ba8365f6b79e1ee0cf611215702

  • SSDEEP

    6144:8PaIllVBHS+FTanhrQgnTh+cOvjCPuX+0g9BLv0ogz6pixIlEJDZnt8laMxzM:ua6lvHS+FTanhrQYh+BhPjuUt0G

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\DrawBot\PIL\_webp.cp38-win32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\DrawBot\PIL\_webp.cp38-win32.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads