Overview

overview

10

Static

static

10

empyrean-m...ld.bat

windows10-2004-x64

1

empyrean-m...ain.py

windows10-2004-x64

3

empyrean-m...ild.py

windows10-2004-x64

3

empyrean-m...fig.py

windows10-2004-x64

3

empyrean-m...env.py

windows10-2004-x64

3

empyrean-m...ate.py

windows10-2004-x64

3

empyrean-m...fig.py

windows10-2004-x64

3

empyrean-m...on.bat

windows10-2004-x64

8

empyrean-m...bug.py

windows10-2004-x64

3

empyrean-m...ers.py

windows10-2004-x64

3

empyrean-m...ken.py

windows10-2004-x64

3

empyrean-m...ion.py

windows10-2004-x64

3

empyrean-m...tup.py

windows10-2004-x64

3

empyrean-m...nfo.py

windows10-2004-x64

3

empyrean-m...fig.py

windows10-2004-x64

3

empyrean-m...ain.py

windows10-2004-x64

3

Analysis

  • max time kernel
    423s
  • max time network
    1142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/11/2024, 16:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    empyrean-main/src/components/systeminfo.py

  • Size

    6KB

  • MD5

    dacc6629a93a629f2e5e8dd6e6ac8752

  • SHA1

    f0b8436cf7d2e9fcc3d84da50955b82b9817eef4

  • SHA256

    e4aa53a74dbe1a23ddd6b678ef982cb1ce680e50385dba761f5e4971944abf8d

  • SHA512

    5ba2c0a24cb45f306bcc5d91be69f5e2ca90bccae0988874491a5e6018858e0a90f5c5b292365f6662c2f812d156e8dac71297afe395ec813a28a75c577c7e2a

  • SSDEEP

    96:o62a5Q8kjqXmBHyCOMHdpvlGa4sVV2iHhhrqZb+zadcTP9eTnSIf:PQRyGTka/T2oOZazaaL9erj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\empyrean-main\src\components\systeminfo.py
    1⤵
    • Modifies registry class
    PID:4824
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3088

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.36.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.36.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    105.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    105.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    105.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    105.209.201.84.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    24.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
    Response
    24.139.73.23.in-addr.arpa
    IN PTR
    a23-73-139-24deploystaticakamaitechnologiescom
  • flag-us
    DNS
    24.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    24.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    24.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.139.73.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    170.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    170.117.168.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    132 B
     90 B
     2
    1

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    146 B
     144 B
     2
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    2.36.159.162.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    2.36.159.162.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    210 B
     156 B
     3
    1

    DNS Request

    50.23.12.20.in-addr.arpa

    DNS Request

    50.23.12.20.in-addr.arpa

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    105.209.201.84.in-addr.arpa
    dns
    146 B
     133 B
     2
    1

    DNS Request

    105.209.201.84.in-addr.arpa

    DNS Request

    105.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    24.139.73.23.in-addr.arpa
    dns
    284 B
     135 B
     4
    1

    DNS Request

    24.139.73.23.in-addr.arpa

    DNS Request

    24.139.73.23.in-addr.arpa

    DNS Request

    24.139.73.23.in-addr.arpa

    DNS Request

    24.139.73.23.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    170.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    170.117.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.