pysilon | 0e288f2f0107e03ff43073c7871517c8c7b3a92dab616950b0195c5d9b95d638 | Triage

Submit
Reports

Overview

overview

Static

static

sourceprepared.exe

windows7-x64

7

sourceprepared.exe

windows10-2004-x64

8

Sharing

General

Target

sourceprepared.exe
Size

77.0MB
Sample

240927-d4dfkswdqa
MD5

c73830a0d98a64215f65926f7ab90019
SHA1

68e999e1553d646954e8832acc97126424b9adbe
SHA256

0e288f2f0107e03ff43073c7871517c8c7b3a92dab616950b0195c5d9b95d638
SHA512

f687df62de585adbc9fda386e4ecc7c24955c0ec71cc96fb6417c012a2199054b4f88f52f558c6fd5b7afc11655b0bf106d099acb616fa8a748755f37d55a11c
SSDEEP

1572864:7vHcRlnWQmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7OrayyOlqH1O3:7vHcRVbmSkB05awFjdQnApu/7Or93cO3

Score

10^/10

pysilon evasion execution persistence pyinstaller upx

Static task

static1

pyinstaller pysilon

4 signatures

Behavioral task

behavioral1

Sample

sourceprepared.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

sourceprepared.exe

Resource

win10v2004-20240802-en

evasion execution persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  sourceprepared.exe
- Size
  
  77.0MB
- MD5
  
  c73830a0d98a64215f65926f7ab90019
- SHA1
  
  68e999e1553d646954e8832acc97126424b9adbe
- SHA256
  
  0e288f2f0107e03ff43073c7871517c8c7b3a92dab616950b0195c5d9b95d638
- SHA512
  
  f687df62de585adbc9fda386e4ecc7c24955c0ec71cc96fb6417c012a2199054b4f88f52f558c6fd5b7afc11655b0bf106d099acb616fa8a748755f37d55a11c
- SSDEEP
  
  1572864:7vHcRlnWQmSk8IpG7V+VPhqFxE7ulHQBBPiYweyJulZUdgD7OrayyOlqH1O3:7vHcRVbmSkB05awFjdQnApu/7Or93cO3
Score

8^/10

upx evasion execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstallerpysilon

behavioral1

behavioral2

evasionexecutionpersistenceupx

© 2018-2025

Terms | Privacy