Overview

overview

10

Static

static

3

pycharm 20...n).exe

windows7-x64

10

pycharm 20...n).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pycharm 2020.1 crack with license key latest free download (mac win).exe

  • Size

    901.2MB

  • MD5

    4aa34a6dcee31a6f0291cd280d792638

  • SHA1

    b306b724fcd0fe4c682c7b2f1ca2d391fdf02d70

  • SHA256

    dcbe5ba793cff144afefb4b52632520f6ec5be31e007267bb861c3d429bfbc2d

  • SHA512

    7e7657524b8a407ad4f4d228e73269f604ed9c219362995301bb3de96f59747f8cbd443f16d27bb3a79de357d6af7ae0e860239f8ad738b58057be14acb6dd57

  • SSDEEP

    196608:IP5DkvoHey5Pld/U1vDPZnwlH84zcz3ntQMt7LrDNDGsSLJa5BrRk:IWyeWT/URZwFzcz3tQogP2

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pycharm 2020.1 crack with license key latest free download (mac win).exe
    "C:\Users\Admin\AppData\Local\Temp\pycharm 2020.1 crack with license key latest free download (mac win).exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy Brunei Brunei.cmd & Brunei.cmd
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3100
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1212
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "wrsa opssvc"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4476
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4392
      • C:\Windows\SysWOW64\findstr.exe
        findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2900
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 256267
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4396
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b ..\Ecological + ..\Something + ..\Consulting + ..\Coffee + ..\Underlying + ..\Employee Q
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2348
      • C:\Users\Admin\AppData\Local\Temp\256267\Efficiency.com
        Efficiency.com Q
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1144
      • C:\Windows\SysWOW64\choice.exe
        choice /d y /t 5
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\256267\Q
    Filesize

    484KB

    MD5

    d7ba2d169be2aaedb58fc6ae7cf950f6

    SHA1

    255eb0d67c724a97ab32d16600b7aeb79d26b6eb

    SHA256

    dc3ee8ea7f6e1792c4578ad893d579d8165c7d3a9b4ebe61dc27934c5584f66c

    SHA512

    c17940b5b7aae805ea6a50df945594ff4ec10a85c3cfedbf25a3b333880ff9c1cdc2cbbca5518c6b750ccc00373450959e765a57a47f5c8900053ea0c44d4445

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Brunei
    Filesize

    26KB

    MD5

    86e6ea095e903b5bc2f36fb64165b2ce

    SHA1

    ff26105ec6f2efde2fb61173050b89a927441344

    SHA256

    5106b66e910cdb8b52b819e837c6de4f7ee2aac2d53bc7355db878d4870f1943

    SHA512

    5b1503818a69d4c9eadc91d777b33140b8645b953589604055b3865d3f8884008e645bfee4cffa98170c7734e1f2a0a223b12066721b0ea08066b210bf0cfc54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Celebration
    Filesize

    925KB

    MD5

    62d09f076e6e0240548c2f837536a46a

    SHA1

    26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

    SHA256

    1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

    SHA512

    32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Coffee
    Filesize

    90KB

    MD5

    77b12c07393313514e6184a375226839

    SHA1

    a2cc46f4ae51be33f1b24617b413dea8d29921f9

    SHA256

    6f600615a3d1b8a10ff91359d07cb9ad9404eafc28ba736d68de006750bfbf94

    SHA512

    b7d255852842c949d445f2e47f78eb64c801ecb2aae3e707611fa364f888a494afdb5f9dd0b634e9c13aaaf331cb5c4fe48cd8c797fd128526b7e509caf0c689

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Consulting
    Filesize

    96KB

    MD5

    c7ef51a71d4fbe8f838dff23ed1e4929

    SHA1

    237460f0401758a8fb75223fad5d299db604802f

    SHA256

    90d8a2506d381ea6240096caace82498f5f599c5d32201b0a256ca2934d2ffd2

    SHA512

    ddd6b16448b6990dd2724e8160b0d22396ad724a405fcf62ca524169baeefbf69debae87357697c758902b5163b2e3fa62336663083b69adfd6d52031a2d7984

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Ecological
    Filesize

    84KB

    MD5

    fb009fe95c1dffc3f8b7daca36dc083c

    SHA1

    a977cffa508c9b82336f455c8e63a28ef8bd6743

    SHA256

    94c1594b3ae252690085351f921e038c1289eb4fed65ee75b13d6508ecb7bbdb

    SHA512

    35a85aca09ecce4dc48fa487c7bf1e576c7ecfa96c95a02b392275ca8f863c280b36a398686b39e83b696647e716023542288d6f78343118a1673726599db50d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Employee
    Filesize

    73KB

    MD5

    740f5cf5643564318a4747d09604a4a1

    SHA1

    34f98a599c95e9dd4d6dd4ba674ea1c04f1d1971

    SHA256

    2577c1d66fdeca2e80cbce1baab50286c4df8389b2e5acd5f072e0b9fee1d5e1

    SHA512

    9860921682950ef22f733aa206dc99c3698994198d9f8b764ae6430d930f86844da798c431ef70513f0b4b49a4ab30aad9926c51f7820bdc0fdc67bdb6c0b55d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Something
    Filesize

    53KB

    MD5

    983f92437d97fb0ac3ae37567de237f8

    SHA1

    5dbca1ccea8eeb92da994268ffd66f5ec09c7f50

    SHA256

    94d661e8ea870ce2e28f4952e641e1ed47a7ef029816bdc6619d3cd12fc58bcd

    SHA512

    7c046b6ad03defc6b37bf028cb8888b45a5271a02448a06b73f6e74468b88966ed396b734c8f6cdc6ac4078e295c96bd9f68de793e2dd13fd95a9f494220f919

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Underlying
    Filesize

    88KB

    MD5

    77614c997a197c9f65c41c4d76d5cf8e

    SHA1

    f1dd2a60753c8329752e6615c26b91910b4dda04

    SHA256

    91eb447971a2908f28d7b49febe467ce5e4568df479a8b1a4856ae7214b08fd5

    SHA512

    9bc88fe4f3c8935cc4fab8b68662edc3ab3b3110add22cf76abd2b5ad27ed6c84d325a7c0d3a9edcb0fe14a750983c6c92c974902c22436af4beb294f5a7bc45

    Download Submit