ed83b9b439a7dc9a79dac0ea5f7f8f33727bcd1824cf6e2b3e96185a441151ba | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 20:08

Sharing

Report Analysis Logs

General

Target

PySilon Horror.exe
Size

30.3MB
MD5

81bf3f0080903382a2fd969f4662a50e
SHA1

06bb62eb6598e108027faa17669ca39287ad3c7b
SHA256

ed83b9b439a7dc9a79dac0ea5f7f8f33727bcd1824cf6e2b3e96185a441151ba
SHA512

0676ef1e3cc54edb17332031abe1698a682c288e08b5893c71fb67265df748d33b9bc480df842fb0536ffa69afdc6f16ea4132665b91416fb033ca4453f15384
SSDEEP

786432:omMlhONW8N8m1NxOpl8dPXfrRQ7668BLEqU+CxeD6mp3a:odlhsW08mxElmPvw8BoV46W

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2740	PySilon Horror.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2740	2400	PySilon Horror.exe	30
PID 2400 wrote to memory of 2740	2400	PySilon Horror.exe	30
PID 2400 wrote to memory of 2740	2400	PySilon Horror.exe	30

C:\Users\Admin\AppData\Local\Temp\PySilon Horror.exe
"C:\Users\Admin\AppData\Local\Temp\PySilon Horror.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\PySilon Horror.exe
  "C:\Users\Admin\AppData\Local\Temp\PySilon Horror.exe"
  2⤵
  - Loads dropped DLL
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24002\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit