Overview

overview

6

Static

static

6

lib/xml/pa...__.pyc

windows7-x64

3

lib/xml/pa...__.pyc

windows10-2004-x64

3

lib/xml/pa...at.pyc

windows7-x64

3

lib/xml/pa...at.pyc

windows10-2004-x64

3

lib/xml/sa...__.pyc

windows7-x64

3

lib/xml/sa...__.pyc

windows10-2004-x64

3

lib/xml/sa...ns.pyc

windows7-x64

3

lib/xml/sa...ns.pyc

windows10-2004-x64

3

lib/xml/sa...er.pyc

windows7-x64

3

lib/xml/sa...er.pyc

windows10-2004-x64

3

lib/xml/sa...er.pyc

windows7-x64

3

lib/xml/sa...er.pyc

windows10-2004-x64

3

lib/xml/sa...ls.pyc

windows7-x64

3

lib/xml/sa...ls.pyc

windows10-2004-x64

3

lib/xml/sa...er.pyc

windows7-x64

3

lib/xml/sa...er.pyc

windows10-2004-x64

3

lib/xmlrpc...__.pyc

windows7-x64

3

lib/xmlrpc...__.pyc

windows10-2004-x64

3

lib/xmlrpc/client.pyc

windows7-x64

3

lib/xmlrpc/client.pyc

windows10-2004-x64

3

lib/xmlrpc/server.pyc

windows7-x64

3

lib/xmlrpc/server.pyc

windows10-2004-x64

3

lib/yaml/__init__.pyc

windows7-x64

3

lib/yaml/__init__.pyc

windows10-2004-x64

3

lib/yaml/composer.pyc

windows7-x64

3

lib/yaml/composer.pyc

windows10-2004-x64

3

lib/yaml/c...or.pyc

windows7-x64

3

lib/yaml/c...or.pyc

windows10-2004-x64

3

lib/yaml/cyaml.pyc

windows7-x64

3

lib/yaml/cyaml.pyc

windows10-2004-x64

3

lib/yaml/dumper.pyc

windows7-x64

3

lib/yaml/dumper.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    3s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2024 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib/yaml/dumper.pyc

  • Size

    1KB

  • MD5

    bb0ce14f3b5f9aee043ee3b4e8418cb6

  • SHA1

    15491a1109d13320171be7e22ff7af8c2b7681f5

  • SHA256

    f6ff638fef0a37a2f5bbbf9b4326c775335c97c08344c3f759b142a8bf1a0663

  • SHA512

    13500f186b61055bf3d9478a34752f6ef452926026fe916158849127264ce44ba31b7a5ce59b6b65273d57f2df9cc19c59c0bc4dd005fc90b487fb08992288a4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\lib\yaml\dumper.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\lib\yaml\dumper.pyc
      2⤵
        PID:2700
        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lib\yaml\dumper.pyc"
          3⤵
            PID:1988

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
        Filesize

        3KB

        MD5

        e969d023624343c8901c47776b1e1d7a

        SHA1

        78244e94c854043da9ce9c7bff83165b9ce005e7

        SHA256

        b64961219ec981517721a54fff4da263279fe791fdf323b976a6eec63033f129

        SHA512

        ce95b2ff999cc095cc81e0920cea9fa232d8da4cfbe75ab2dbff5743c112bd8975ce0d12d442d9eb1337d0e9591ef453c5d99ab1b6c572c1cc9c74e66188833f

        Download Submit