Overview

overview

3

Static

static

3

Minecraft....io.exe

windows11-21h2-x64

3

$PLUGINSDI...er.bmp

windows11-21h2-x64

3

$PLUGINSDI...rd.bmp

windows11-21h2-x64

3

Data/Pytho...es.zip

windows11-21h2-x64

1

Data/Pytho...SE.txt

windows11-21h2-x64

3

Data/Pytho...30.pxd

windows11-21h2-x64

3

Data/Pytho...__.pxd

windows11-21h2-x64

3

Data/Pytho...__.pyi

windows11-21h2-x64

3

Data/Pytho...er.pyi

windows11-21h2-x64

3

Data/Pytho...le.pyi

windows11-21h2-x64

3

Data/Pytho...__.pyi

windows11-21h2-x64

3

Data/Pytho...ay.pyi

windows11-21h2-x64

3

Data/Pytho...hack.c

windows11-21h2-x64

3

Data/Pytho...__.pyi

windows11-21h2-x64

3

Data/Pytho...ft.pyi

windows11-21h2-x64

3

Data/Pytho...er.pyi

windows11-21h2-x64

3

Data/Pytho...__.pyi

windows11-21h2-x64

3

Data/Pytho...on.pyi

windows11-21h2-x64

3

Data/Pytho...ad.pyi

windows11-21h2-x64

3

Data/Pytho...ps.pyi

windows11-21h2-x64

3

Data/Pytho...or.pyi

windows11-21h2-x64

3

Data/Pytho...at.pyi

windows11-21h2-x64

3

Data/Pytho...se.pyi

windows11-21h2-x64

3

Data/Pytho...ms.pyi

windows11-21h2-x64

3

Data/Pytho...ks.pyi

windows11-21h2-x64

3

Data/Pytho...se.pyi

windows11-21h2-x64

3

Data/Pytho...ce.pyc

windows11-21h2-x64

3

Data/Pytho...ad.pyc

windows11-21h2-x64

3

Data/Pytho...at.pyc

windows11-21h2-x64

3

Data/Pytho...ay.pyc

windows11-21h2-x64

3

Data/Pytho...__.pyc

windows11-21h2-x64

3

Data/Pytho...32.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    88s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18/08/2024, 14:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/Python/Lib/site-packages/numpy/linalg/_umath_linalg.cp38-win32.dll

  • Size

    80KB

  • MD5

    fda983921890e7e0d9f437c9676d5ac8

  • SHA1

    70468f6be43e3fc3f610402771a14a683a504e11

  • SHA256

    b96c5a44c7ac9dca9d4c63193748032383fc8ce402e6162941748e5de1b89f0d

  • SHA512

    338fea8ea8c5a9c2e6c624d524622ba47ef075f17c7b227983e0f51d50b06234c2c3dd2fee53f07b1ad3c6901ab0118dcddea9492f08b06a7400b354065082ea

  • SSDEEP

    1536:kCURkRROlEgdyVXy15GPoVcoeEQrYsNn+xXiqzb0nulnrtklbJS+ntcRP1ppFoIk:kCURkRA1dylYcPoVcoeEQrYC+xXiqf0j

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Data\Python\Lib\site-packages\numpy\linalg\_umath_linalg.cp38-win32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:792
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Data\Python\Lib\site-packages\numpy\linalg\_umath_linalg.cp38-win32.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1744

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads