4d18a87672b9f2aded64606a5e6c168556f35cd22a1f44f9832c1c5d2ac3c030

Analysis

max time kernel
134s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PyWare.exe
Size

95.5MB
MD5

f9bf26cc805821aa04369f8bc5742647
SHA1

18e6d236c8b74c47fefdcbf74d1d779b8b373803
SHA256

4d18a87672b9f2aded64606a5e6c168556f35cd22a1f44f9832c1c5d2ac3c030
SHA512

b9a9b3ee1b85eddd41808596c49f0ee3c5c576722e84538c609ded6a0c28724abe992209f757848e8d3d53372ad832801f591d4af7befaa56bb886728feccbab
SSDEEP

1572864:97XGMK4XR3bLSCU/+6yRvhfjUFP/V4f6Gj53ikjt4jRqtGqFOPV5yyVxUtMIDkDj:1gYRPSC++6y5NUt/VG6RmtCRgGPrEtFi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 50 IoCs

Processes:

PyWare.exe

pid	process
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe
596	PyWare.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

26 discord.com
28 discord.com
30 discord.com
31 discord.com
33 discord.com
25 discord.com

flow	ioc
26	discord.com
28	discord.com
30	discord.com
31	discord.com
33	discord.com
25	discord.com

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

PyWare.exePyWare.exe

description	pid	process	target process
PID 448 wrote to memory of 596	448	PyWare.exe	PyWare.exe
PID 448 wrote to memory of 596	448	PyWare.exe	PyWare.exe
PID 596 wrote to memory of 1064	596	PyWare.exe	cmd.exe
PID 596 wrote to memory of 1064	596	PyWare.exe	cmd.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4448,i,8998666007764333392,14724298544432336038,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8
1⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\PyWare.exe
"C:\Users\Admin\AppData\Local\Temp\PyWare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:448

C:\Users\Admin\AppData\Local\Temp\PyWare.exe
"C:\Users\Admin\AppData\Local\Temp\PyWare.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:1064

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI4482\VCRUNTIME140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_asyncio.pyd
Filesize
60KB

MD5
3aea41c0a41765d6b0eb3363804d94d0

SHA1
26f05e3e458d5b90326ea40c6bbf236a3dbd49f0

SHA256
2c9f565254e4b2744d52b58f4960d5da1330c7846059b772044e4415804d933e

SHA512
a1f5eb597c43a053d28e16b48f365760189eeb129ac3ea1eaa3bb6648332c5f11a4a446d29dcd90e773858fb4b6367568fcd9c778ea1efee5d4972dcdfe4a0e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_bz2.pyd
Filesize
78KB

MD5
d61719bf7f3d7cdebdf6c846c32ddaca

SHA1
eda22e90e602c260834303bdf7a3c77ab38477d0

SHA256
31dd9bfb64b1bee8faf925296028e2af907e6d933a83ddc570ebc82d11c43cfb

SHA512
e6c7eab95c18921439f63a30f76313d8380e66bd715afc44a89d386ae4e80c980c2632c170a445bad7446ee5f2c3ee233ccc7333757358340d551e664204e21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_cffi_backend.cp310-win_amd64.pyd
Filesize
177KB

MD5
6f1b90884343f717c5dc14f94ef5acea

SHA1
cca1a4dcf7a32bf698e75d58c5f130fb3572e423

SHA256
2093e7e4f5359b38f0819bdef8314fda332a1427f22e09afc416e1edd5910fe1

SHA512
e2c673b75162d3432bab497bad3f5f15a9571910d25f1dffb655755c74457ac78e5311bd5b38d29a91aec4d3ef883ae5c062b9a3255b5800145eb997863a7d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_ctypes.pyd
Filesize
117KB

MD5
3fc444a146f7d667169dcb4f48760f49

SHA1
350a1300abc33aa7ca077daba5a883878a3bca19

SHA256
b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68

SHA512
1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_hashlib.pyd
Filesize
60KB

MD5
0d75220cf4691af4f97ebcbd9a481c62

SHA1
dadc3d5476c83668a715750ed80176dbbb536ec7

SHA256
9da79abfed52c7432a25a513f14134f3782c73ec7142e2d90223610eaef54303

SHA512
c00bd7a768e2eef7956d05f10330f3669b279866221085f9e9b97c4e553bb44356d041e29fd4337142ccbdf4e200769d69a235c1c5ddeb6fc64d537629eac112

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_lzma.pyd
Filesize
151KB

MD5
afff5db126034438405debadb4b38f08

SHA1
fad8b25d9fe1c814ed307cdfddb5cd6fe778d364

SHA256
75d450e973cd1ccbd0f9a35ba0d7e6d644125eb311cc432bb424a299d9a52ee0

SHA512
3334d2ad9811e3be70b5a9fd84bc725c717a3ac59e2fd87e178cb39ac9172db7f9ec793011c4e613a89773b4f2425be66d44a21145a9051bed35f55a483759cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_overlapped.pyd
Filesize
45KB

MD5
84609daeef4ebd0725098c74a3772cbb

SHA1
d4a9487f34ea36d097ecbba53a9410be268944af

SHA256
622171218fab2952c569acdbf0489d0098fa0664f61624d1c4f040410731be41

SHA512
b80e77d851137181445c8056abecf8b40647d49458897e306409f56084196cbef03d12d64ac2abd351dc6901fb5b3914bb5dbc5d490cfdb1aebb04be41e02eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_queue.pyd
Filesize
27KB

MD5
c8a1f1dc297b6dd10c5f7bc64f907d38

SHA1
be0913621e5ae8b04dd0c440ee3907da9cf6eb72

SHA256
827a07b27121200ed9fb2e9efd13ccbf57ca7d32d9d9d1619f1c303fb4d607b7

SHA512
e5f07935248f8d57b1f61fe5de2105b1555c354dd8dd98f0cff21b08caba17b66272a093c185ca025edb503690ba81d5fa8b7443805a07338b25063e2f7ea1b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_socket.pyd
Filesize
74KB

MD5
f59ddb8b1eeac111d6a003f60e45b389

SHA1
e4e411a10c0ad4896f8b8153b826214ed8fe3caa

SHA256
9558dda6a3f6ad0c3091d643e2d3bf5bf20535904f691d2bdb2ce78edf46c2da

SHA512
873c6841ebf38b217465f1ead02b46a8823ef1de67d6608701e30faf5024ed00ab3c4cc4aa8c4836552ecdb16c7470fe965cf76f26ee88615746d456ff6a2bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_ssl.pyd
Filesize
153KB

MD5
80f2475d92ad805439d92cba6e657215

SHA1
20aa5f43ca83b3ff07e38b00d5fbd0cf3d7dbbab

SHA256
41278e309382c79356c1a4daf6dbb5819441d0c6e64981d031cda077bb6f1f79

SHA512
618cd6ca973a0b04159a7c83f1f0cda5db126a807982983fea68f343c21e606a3cdb60b95a2b07f4d9379149d844755b9767fea0a64dd1d4451ab894a1f865b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_tkinter.pyd
Filesize
61KB

MD5
5954a0102a4c2e6e0f71ceb2f6259fc9

SHA1
99b96da37baee75f0ab2d2165c8f194f26aa2041

SHA256
3ddcdec7a7a9b01f1af5a57f3cd66ae68883416fa7fb6aa7fa51b9cf1c24bf07

SHA512
5a986b2d931ea09048bce1d5816e9c8aaa63aeae48e4b5d844013e16a0229207553b4aabb4a790f55bcc5f5e0fabc5c819045b22d1d2e0eec9fe7ddcf1cba94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\_uuid.pyd
Filesize
21KB

MD5
e62b8770f7999b771571ed419318b270

SHA1
09f1822db89039e76eb18d09e0ede77697ea9dd1

SHA256
4ed9e84185b34923193f84255f7aa6ca6e6312c490b32de4acf0a0facbabdb5b

SHA512
e12e5357c0814d5f79d25752f0da62c2a67a195a282956f307cbc6731becb78d36b38d355b0826d85fdbad3ac4cb873110a47cf1d89ffdcab4ffa1175432327d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\aiohttp\_helpers.cp310-win_amd64.pyd
Filesize
53KB

MD5
01cd12bb34046426209d1ae38c0486ec

SHA1
331a21d765001ab2b2f43c31329bb4c147b9f1ce

SHA256
5221391fa47ac3180ab77c5d3b9a15fc8c8087a5bd531daf47c3a4fecffc00b9

SHA512
286dd4e320762696969f96fbcde7754912ca644c8db3bc76e3c88dd39bf5b18a4badfec57dea23fd3eb9589c12d25beaebc42c12b5e9520b155602c99654626b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\aiohttp\_http_parser.cp310-win_amd64.pyd
Filesize
248KB

MD5
ab4c27ad84aba09df64a1490a6bc633f

SHA1
82ad8913974398a4ecc18bf973ffba66962a1ffc

SHA256
94eca40f1d8dfbbbdeff185a006925b4da53a7c86c2c3bc126110ab21bcedfe4

SHA512
0cc81f66e7c7fce1e09542256000eda0d73a20f88e7a2d6879c20eb5ad7a632ab860b9b6e97d026c977eb952566a8f7bcdb76f260d7e1427ace67e45d73112a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\aiohttp\_http_writer.cp310-win_amd64.pyd
Filesize
48KB

MD5
6d2e61540edc9dc23ebf59cec9cabd54

SHA1
2312d46035f8cf3c2e7694ff0391b55f09cf52e9

SHA256
225f61a5e5b19f4320370523fd28e7166d3a65c69505a807573d9a18da641450

SHA512
c598292d8dbe77082945feafae10a04f65119b6b997b1f19dc1b96880cc9570aac7a424c3ca302c92601ca79bc3cbf74dc9c24cca88b14b323da2dc533c64022

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\aiohttp\_websocket.cp310-win_amd64.pyd
Filesize
35KB

MD5
fc36a5b88c21b65c27788072d06d1f26

SHA1
b4ea7c1ca9ddbc11ed6ed3f2246e33ed1698b704

SHA256
07e09075ef5a1bf2969381a5cadf07cdd1892b67ce7b6f643b5225f06d57e19f

SHA512
c41b856c09d7bc4e95c3cbe952e96fdb7ce14babf7510952818dd6bdb117b0f94658742f560b4d7b43bb883588bca73eb649df3a67872ec51989ce15d5a3f9b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\base_library.zip
Filesize
1.0MB

MD5
f3db6e372157f8efdfdf8a7e9aa66409

SHA1
bba1a3469e41d288260ed340b446f71b318a8475

SHA256
bc3fe4d45e87c1c8dd375cb2fd0d9d017d48a45bdd472531c624d1089c88dbff

SHA512
0b37d3a818088de414e7e75c1985c8a29951096d77dfecbd6005285cf33b33702a7b2dfaffbc40ccc9c75205b30a5844cd67b03f16936a7a2557b42656d90085

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\frozenlist\_frozenlist.cp310-win_amd64.pyd
Filesize
84KB

MD5
911470750962640ceb3fd11e2aeecd14

SHA1
af797451d4028841d92f771885cb9d81afba3f96

SHA256
5c204f6966526af4dc0c0d6d29909b6f088c4fa781464f2948414d833b03094d

SHA512
637043c20dc17fbc472613c0e4f576f0a2211b7916b3488806aec30271cf1bd84bd790518335b88910662fd4844f8ed39fa75aa278577271a966756b8cd793f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\libcrypto-1_1.dll
Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\libssl-1_1.dll
Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\multidict\_multidict.cp310-win_amd64.pyd
Filesize
45KB

MD5
ddd4c0ae1e0d166c22449e9dcdca20d7

SHA1
ff0e3d889b4e8bc43b0f13aa1154776b0df95700

SHA256
74ec52418c5d38a63add94228c6f68cf49519666ae8bcb7ac199f7d539d8612c

SHA512
c8464a77ba8b504ba9c7873f76499174095393c42dc85a9c1be2875c3661cda928851e37013e4ac95ba539eed984bf71c0fcc2cb599f3f0c4c1588d4a692bdfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\nacl\_sodium.pyd
Filesize
340KB

MD5
9d1b8bad0e17e63b9d8e441cdc15baee

SHA1
0c5a62135b072d1951a9d6806b9eff7aa9c897a3

SHA256
d733c23c6a4b21625a4ff07f6562ba882bcbdb0f50826269419d8de0574f88cd

SHA512
49e7f6ab825d5047421641ed4618ff6cb2a8d22a8a4ae1bd8f2deefe7987d80c8e0acc72b950d02214f7b41dc4a42df73a7f5742ebc96670d1c5a28c47b97355

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\pyexpat.pyd
Filesize
191KB

MD5
4cb923b0d757fe2aceebf378949a50e7

SHA1
688bbbae6253f0941d52faa92dedd4af6f1dfc3b

SHA256
e41cff213307b232e745d9065d057bcf36508f3a7150c877359800f2c5f97cfc

SHA512
9e88542d07bd91202fcf13b7d8c3a2bbd3d78e60985b45f4fa76c6cd2a2abdee2a0487990bea0713f2ad2a762f120411c3fbbfaa71ef040774512da8f6328047

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\python3.DLL
Filesize
61KB

MD5
704d647d6921dbd71d27692c5a92a5fa

SHA1
6f0552ce789dc512f183b565d9f6bf6bf86c229d

SHA256
a1c5c6e4873aa53d75b35c512c1cbadf39315deeec21a3ada72b324551f1f769

SHA512
6b340d64c808388fe95e6d632027715fb5bd801f013debaaa97e5ecb27a6f6ace49bf23648517dd10734daff8f4f44969cff2276010bf7502e79417736a44ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\python310.dll
Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\select.pyd
Filesize
26KB

MD5
994a6348f53ceea82b540e2a35ca1312

SHA1
8d764190ed81fd29b554122c8d3ae6bf857e6e29

SHA256
149427a8d58373351955ee01a1d35b5ab7e4c6ac1a312daa9ba8c72b7e5ac8a4

SHA512
b3dfb4672f439fa43e29e5b1ababca74f6d53ea4bad39dfe91f59382e23dbb2a3aea2add544892e3fcd83e3c5357ee7f09fe8ab828571876f68d76f1b1fcee2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\tcl86t.dll
Filesize
1.8MB

MD5
75909678c6a79ca2ca780a1ceb00232e

SHA1
39ddbeb1c288335abe910a5011d7034345425f7d

SHA256
fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860

SHA512
91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\tk86t.dll
Filesize
1.5MB

MD5
4b6270a72579b38c1cc83f240fb08360

SHA1
1a161a014f57fe8aa2fadaab7bc4f9faaac368de

SHA256
cd2f60075064dfc2e65c88b239a970cb4bd07cb3eec7cc26fb1bf978d4356b08

SHA512
0c81434d8c205892bba8a4c93ff8fc011fb8cfb72cfec172cf69093651b86fd9837050bd0636315840290b28af83e557f2205a03e5c344239356874fce0c72b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\unicodedata.pyd
Filesize
1.1MB

MD5
c01a5ce36dd1c822749d8ade8a5e68ca

SHA1
a021d11e1eb7a63078cbc3d3e3360d6f7e120976

SHA256
0f27f26d1faa4f76d4b9d79ad572a3d4f3bbe8020e2208d2f3b9046e815b578a

SHA512
3d4e70a946f69633072a913fe86bada436d0c28aca322203aa5ec9d0d7ae111129516d7adb3fdeef6b1d30b50c86c1de2c23a1bc9fba388474b9d9131c1e5d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4482\yarl\_quoting_c.cp310-win_amd64.pyd
Filesize
93KB

MD5
8b4cd87707f15f838b5db8ed5b5021d2

SHA1
bbc05580a181e1c03e0a53760c1559dc99b746fe

SHA256
eefb46501ef97baf29a93304f58674e70f5ccecafb183f230e5ce7872a852f56

SHA512
6768cff12fa22fe8540a3f6bdb350a5fcec0b2a0f01531458eb23f77b24460620cd400078fd1ec63738884c2b78920e428126833953c26b8dc8ad8b7c069415d

Download Submit