pysilon | 69cf2f14d10ba88824b0f38eaba6fadc60fc2c340c9fc364a98398093f3d2f37 | Triage

Submit
Reports

Overview

overview

Static

static

source_prepared.exe

windows10-2004-x64

8

source_prepared.exe

windows11-21h2-x64

8

Sharing

General

Target

source_prepared.exe
Size

80.9MB
Sample

240828-t9tmraybrj
MD5

01dfff92552543795a59f3965f8ca75a
SHA1

761930c16bf20277ff440fb35c73639510ff68be
SHA256

69cf2f14d10ba88824b0f38eaba6fadc60fc2c340c9fc364a98398093f3d2f37
SHA512

e3c0bb33e383e5f9b5dd757c46fa4009981c619294af0cd23464fbc5b772fb473b50096246969dd22ac3f484a81a68e18310c3b54402e455e7d5b24108c629ef
SSDEEP

1572864:UvxZQglXJdW67vaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IH9rWocJXt:UvxZxRLVeSkB05awb+Tfe25F09rit

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

source_prepared.exe

Resource

win10v2004-20240802-en

evasion execution persistence upx

windows10-2004-x64

14 signatures

1800 seconds

Behavioral task

behavioral2

Sample

source_prepared.exe

Resource

win11-20240802-en

evasion execution persistence upx

windows11-21h2-x64

14 signatures

1800 seconds

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  80.9MB
- MD5
  
  01dfff92552543795a59f3965f8ca75a
- SHA1
  
  761930c16bf20277ff440fb35c73639510ff68be
- SHA256
  
  69cf2f14d10ba88824b0f38eaba6fadc60fc2c340c9fc364a98398093f3d2f37
- SHA512
  
  e3c0bb33e383e5f9b5dd757c46fa4009981c619294af0cd23464fbc5b772fb473b50096246969dd22ac3f484a81a68e18310c3b54402e455e7d5b24108c629ef
- SSDEEP
  
  1572864:UvxZQglXJdW67vaSk8IpG7V+VPhqb+TnE7Ulg8iYgj+h58sMw5IH9rWocJXt:UvxZxRLVeSkB05awb+Tfe25F09rit
Score

8^/10

evasion execution persistence upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

evasionexecutionpersistenceupx

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy