Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-09-2024 12:18

General

  • Target

    PySilon-malware-main/resources/source_code/file_downloading.py

  • Size

    4KB

  • MD5

    d3d2c2469f0f3e335cc3bfc343aaeb0d

  • SHA1

    3db2a71c63dda6ffbe66ddd9c101d7a0f2266be8

  • SHA256

    58005391141c40223e90e3e6e1f98ec8ac69b9cb0c46e5fb8ec98cd646eda0dd

  • SHA512

    ea012e34d593c32b0fdf1ef3376468bc2e40914beb476a4fd3b127eaca659e9957e936017f199bfd893e54ca07a0dcdd3b7cd6579226c0d3f91b4b6d97f5aa7a

  • SSDEEP

    48:eYQn45DIAtaAhvOiFjjn80sUpSN4G58mVtac6uo/iftaghvrYqy5taghvj:eD4l0AhJjz8M0CG58m2h6Ygh8Egh7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\source_code\file_downloading.py
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\source_code\file_downloading.py
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\source_code\file_downloading.py"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    608e0db3ecd1416a9cf2c594935d4e17

    SHA1

    37bde838f81a1b810c6588a79be9867b13d823b6

    SHA256

    04141bd703079c479e83ecfe376457dac7f4cf0504ad120a0bc9611fa4b82483

    SHA512

    0a3e8d14a7662c86bdc68c7f77404895866b4c9db0910b1f8e3f784cecdb147038c5d1cd5d634a9c28e05020d2b5788087fe31bf605d821216fbba6622b2e054