Analysis

  • max time kernel: 118s
  • max time network: 133s
  • platform: windows7_x64
  • resource: win7-20240419-en
  • resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted: 30-06-2024 14:40

General

  • Target: lib/yaml/__init__.pyc
  • Size: 11KB
  • MD5: fd6ef2e2d3eb7b7c25d27d702772c2bd
  • SHA1: 6f45875532d4ba6357940761e53d9621c9bbd30b
  • SHA256: 44c71850563f85ea56d777863aa312a3943b656c651b7bf0c70fe2010e7130a9
  • SHA512: 61f6bcf16ed6ca536fc14d408ea01dc87be1c10f7bcf0d17b64af8a2fa6f2895c0ae2f92429ee583f9b02a5c33f636518e0f446257a64463eebaa6029ffbab7a
  • SSDEEP: 192:vvcqmnENv0qqzq9qcDqnKqgEqSqhqvqHqwqKCw4nZKE8Wzn4Q5o9sq6q1qCXI1jx:3cqmENv0qqzq9qcDqnKq1qSqhqvqHqw0

Score: 3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP): attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (9 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 2392)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\lib\yaml\__init__.pyc
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe (PID 2452)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\lib\yaml\__init__.pyc
      Signatures: Modifies registry class; Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2936)
        Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lib\yaml\__init__.pyc"
        Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize: 3KB
    MD5: 5ec1b31e24aaca292ba3d2a233820048
    SHA1: 4f877f2b3002492f57c5d5b94eed477ca8928035
    SHA256: 85c5f1347e41039a75e97bce54c3978d86fd3e6a16f6e1e44535e3d1a0c7d2c8
    SHA512: 50c2c45151145f8eb39c238836016509a99a0b2ed12998b09b58d86da8666c7d56a5f92ff6bfd653756b252122cb682e48608c0f0e92de3c115091b434909cbf