Overview

overview

5

Static

static

3

Python/Lau...py.exe

windows7-x64

1

Python/Lau...py.exe

windows10-2004-x64

3

Python/Lau...64.dll

windows7-x64

5

Python/Lau...64.dll

windows10-2004-x64

5

Python/Lau...yw.exe

windows7-x64

1

Python/Lau...yw.exe

windows10-2004-x64

3

Python/Pyt...io.dll

windows7-x64

1

Python/Pyt...io.dll

windows10-2004-x64

1

Python/Pyt...z2.dll

windows7-x64

1

Python/Pyt...z2.dll

windows10-2004-x64

1

Python/Pyt...es.dll

windows7-x64

1

Python/Pyt...es.dll

windows10-2004-x64

1

Python/Pyt...st.dll

windows7-x64

1

Python/Pyt...st.dll

windows10-2004-x64

1

Python/Pyt...al.dll

windows7-x64

1

Python/Pyt...al.dll

windows10-2004-x64

1

Python/Pyt...ee.dll

windows7-x64

1

Python/Pyt...ee.dll

windows10-2004-x64

1

Python/Pyt...ib.dll

windows7-x64

1

Python/Pyt...ib.dll

windows10-2004-x64

1

Python/Pyt...ma.dll

windows7-x64

1

Python/Pyt...ma.dll

windows10-2004-x64

1

Python/Pyt...si.dll

windows7-x64

1

Python/Pyt...si.dll

windows10-2004-x64

1

Python/Pyt...ng.dll

windows7-x64

1

Python/Pyt...ng.dll

windows10-2004-x64

1

Python/Pyt...ed.dll

windows7-x64

1

Python/Pyt...ed.dll

windows10-2004-x64

1

Python/Pyt...ue.dll

windows7-x64

1

Python/Pyt...ue.dll

windows10-2004-x64

1

Python/Pyt...e3.dll

windows7-x64

1

Python/Pyt...e3.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    129s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2024, 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Python/Launcher/pyshellext.amd64.dll

  • Size

    49KB

  • MD5

    740dcc24ba59f6205de3d5c5575a19a7

  • SHA1

    2a911e51bb2571f5792c49008a2a2103fc0ed0ad

  • SHA256

    6a4a987548a8fa13c8678fdae921c2084a92048e6002400d5c48d695c502e0bd

  • SHA512

    e652043da39b4fe631e428d8422b642cf3bcab0b2068befa7056cfc8c601cfa95f7c6faa552f53dc3f773834d192b3eda7f69bdb78ece6bb0cb9278779cd8d24

  • SSDEEP

    1536:nDkRbNy163+jd/Coq/JPY7DxIsbmdMHXVMYuYJsZ56obHKG60WogRjNfuZdRzAHo:D6bM163+jd/Coq/JPY7DxIsbmdMHXVMP

Score
5/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies registry class 4 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Python\Launcher\pyshellext.amd64.dll
    1⤵
    • Modifies registry class
    PID:1308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads