Analysis Overview
SHA256
c5f513dc12c9ef48e960d235428575de55c4c45091c9ecac3a1af5a7ea10f9fa
Threat Level: Known bad
The file Injector.exe was found to be: Known bad.
Malicious Activity Summary
Pysilon family
Detect Pysilon
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-22 15:14
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-22 15:14
Reported
2024-08-22 15:19
Platform
win7-20240708-en
Max time kernel
12s
Max time network
21s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2664 wrote to memory of 2620 | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | C:\Users\Admin\AppData\Local\Temp\Injector.exe |
| PID 2664 wrote to memory of 2620 | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | C:\Users\Admin\AppData\Local\Temp\Injector.exe |
| PID 2664 wrote to memory of 2620 | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | C:\Users\Admin\AppData\Local\Temp\Injector.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll
| MD5 | 58e01abc9c9b5c885635180ed104fe95 |
| SHA1 | 1c2f7216b125539d63bd111a7aba615c69deb8ba |
| SHA256 | de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837 |
| SHA512 | cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-22 15:14
Reported
2024-08-22 15:19
Platform
win10v2004-20240802-en
Max time kernel
20s
Max time network
30s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 588 wrote to memory of 4064 | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | C:\Users\Admin\AppData\Local\Temp\Injector.exe |
| PID 588 wrote to memory of 4064 | N/A | C:\Users\Admin\AppData\Local\Temp\Injector.exe | C:\Users\Admin\AppData\Local\Temp\Injector.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4388,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI5882\python311.dll
| MD5 | 58e01abc9c9b5c885635180ed104fe95 |
| SHA1 | 1c2f7216b125539d63bd111a7aba615c69deb8ba |
| SHA256 | de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837 |
| SHA512 | cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081 |
C:\Users\Admin\AppData\Local\Temp\_MEI5882\VCRUNTIME140.dll
| MD5 | 49c96cecda5c6c660a107d378fdfc3d4 |
| SHA1 | 00149b7a66723e3f0310f139489fe172f818ca8e |
| SHA256 | 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc |
| SHA512 | e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d |
C:\Users\Admin\AppData\Local\Temp\_MEI5882\base_library.zip
| MD5 | 4719f992c339f290fc7b4ef0be8b3701 |
| SHA1 | 80bd1bda816bb6c0b2e447e0dd33e580dce24479 |
| SHA256 | 6607c74b72920ee28363cc89878feb886238502416767be4d561b41bfe0577fc |
| SHA512 | 60d1ab27692c08c9f915f1708c0b69a7b475d0f04fdbbfd9f363d5f60142e944ca68f79e31ef5bc5140119e5296f377c272439a53c75d0db4480640d8e44fc24 |