0a4a4add676de2d153171b422cf3ce6e501c42e9b8f6c9244f756b2ba40bf0e2

Analysis

max time kernel
150s
max time network
92s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8efc095d789b254335161040f76affea.exe
Size

5.0MB
MD5

8efc095d789b254335161040f76affea
SHA1

31068fb15c7481047d2cb04342909e5cb1dce3bc
SHA256

0a4a4add676de2d153171b422cf3ce6e501c42e9b8f6c9244f756b2ba40bf0e2
SHA512

5c5aacae7ebbb256b6f6859c2579e79ab2d195f03a8274aaa4a055f98ef87224c8b3d3610c0ca33cdcf1fb74b631bde6764305d96b088f0f08d81543a6580ead

Score

7^/10

spyware

Malware Config

Signatures

Loads dropped DLL 9 IoCs

Processes:

8efc095d789b254335161040f76affea.exe

pid	process
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe
1912	8efc095d789b254335161040f76affea.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

8efc095d789b254335161040f76affea.exe

pid process

1912 8efc095d789b254335161040f76affea.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

8efc095d789b254335161040f76affea.exe

description pid process

Token: 35 1912 8efc095d789b254335161040f76affea.exe

description	pid	process
Token: 35	1912	8efc095d789b254335161040f76affea.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

8efc095d789b254335161040f76affea.exe

description	pid	process	target process
PID 532 wrote to memory of 1912	532	8efc095d789b254335161040f76affea.exe	8efc095d789b254335161040f76affea.exe
PID 532 wrote to memory of 1912	532	8efc095d789b254335161040f76affea.exe	8efc095d789b254335161040f76affea.exe
PID 532 wrote to memory of 1912	532	8efc095d789b254335161040f76affea.exe	8efc095d789b254335161040f76affea.exe

C:\Users\Admin\AppData\Local\Temp\8efc095d789b254335161040f76affea.exe
"C:\Users\Admin\AppData\Local\Temp\8efc095d789b254335161040f76affea.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:532

C:\Users\Admin\AppData\Local\Temp\8efc095d789b254335161040f76affea.exe
"C:\Users\Admin\AppData\Local\Temp\8efc095d789b254335161040f76affea.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI5322\DiscordNitroGenerator.exe.manifest

MD5
533d53bcdc79facfe8f65901c71dfd32

SHA1
4a224a117ade41ead7d1531f7608e6394292acca

SHA256
1b4b735cb8abf1e806e07f20d666696844af11a28afb5e45e90e3f0b4f978536

SHA512
7577b9e887feb3c8c966b9f048ac2b069b67a3888afcb9cf3c39bd7e080469d94fcb42e0af68662cf19375a58792aa82fee65cb5a7ea761fc2c796914e6ef46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\VCRUNTIME140.dll

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\_bz2.pyd

MD5
c9bfb31afe7cce0b57e5bfbbfda5ae7a

SHA1
37a930d22a9651f7ae940f61a23467deaa1f59d0

SHA256
58563fb8798c878bbb19221d8c6c9a3cc243d6dbc9bf5d7f73ba62834c5e4614

SHA512
3775adb2750a8a7927f56b1bad853e405b21c678d2708ae1d0e7ddfb68e2228971636ccd88055a9d04e49f009d8ec1fb4e0f7cb6ad9b012b666e132d989668e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\_hashlib.pyd

MD5
86db282b25244f420a5d7abd44abb098

SHA1
992445028220ac07b39e939824a4c6b1fda811dc

SHA256
ab3d09c879b395631d8a4f89f6855d98d315675e9607248eed7bc07317260168

SHA512
62e2919c4ba74fa69f25209db89f0652c5f8624867b3221aa3865e4dc2bab07e70880c63e4853051f1cc7464ff6478106ac4d6c9fc096172d85e523d8cbd069a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\_lzma.pyd

MD5
857ba2d859502a76789b0cd090ef231a

SHA1
352378e0f9536154d698ecbb4c694aae8d416787

SHA256
42aafcd7e1050b3307c06874fa1e72eecfb5554bd631097e7af0506a3a200144

SHA512
ab70e4fde01bf0d1a2f4dbfe0b556ce3d83e57edf84c62262f0500b6b0295101a36e279f843cef6a08a4d4d3cde150ff76195ff417123eed64b661310fa759a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\_socket.pyd

MD5
7e080d04a56cd48cf24219774ab0abe2

SHA1
b3caf5603ce8da3da728577aa6b06daa32118b57

SHA256
77b3597eef6eb044fbec7b2229772495cd632033bec03badad4e4d268748b760

SHA512
8bb475b62cb025823ef3eb54db58017b9fc394fe4a8a6d84aee13a4aaf9dd426e59860d3f15abcc218bd7cf4aefeee37d8fdf24dc272b6196b089b65cb584aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\_ssl.pyd

MD5
61fb40f4c868059e3378c735d1888c14

SHA1
73423b0e17eb9a0c231f4d6bffb2541a08975ed2

SHA256
ea7cf863090d7f61daae9c6cc679608239e622f4485514dc705d09c1311657c2

SHA512
e40a1fcf528b9a0a4bd2161b71d86dacff82647d6895f8a945c0960310397f8ebdc2d3191d04cd262940866ff0d7ddc7e4f2c17b9ebf86f527c08c8179ff2e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\base_library.zip

MD5
3e5da4cc83d77e6c51c515dfb0b18259

SHA1
6200f1d64f7b3a11a49b2870c0bd07d68352c9a9

SHA256
d0dc0cb07bfef2ccf3c279a9098ff22914970c940176a365ab831dbad734ba17

SHA512
777faa00c4132cdefe361b240e40e733c127c586d6774390830f68e5068a48ff9f70476e859bb4aa1f8b21ac44294efd45e14b44756b3d6baf80fd3ec92c3c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\python36.dll

MD5
7e5ad98ee1fef48d50c2cb641f464181

SHA1
ba424106c46ab11be33f4954195d10382791677d

SHA256
dd4bba32bf57165371822f5966617f475198764a91f39dc6ef86552457ac795d

SHA512
7633730cc9672bc558f8f3391534f9a0f3627a98c5c9f5acefbfc2356eeb14cd10581dceceec2e2d20ed666bc121b28d2af63bd61ead48d34cbcec5861f8ef82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\select.pyd

MD5
290242633745524a3fb673798faabbe1

SHA1
7a5df2949b75469242c9287ae529045d7a85fd4c

SHA256
df8acaf83e5c861f1d0ad694b087ff0a451f01191602617307a93c9dec893ecd

SHA512
a3aec08265e2ea4549df14f6c2683b7b53c553b45304e80ed27ca5b5df70f0e1a3b139608557230e2acbaad4f302b5e20631a9d82de75222a9cc4b2177ce2020

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5322\unicodedata.pyd

MD5
1c35e860d07c30617326d5a7030961b2

SHA1
44f727f11b2a19b078a987ad4f4bf7b6ccb393c2

SHA256
7c115398f9975004b436c70cfa5d5d08e9f3f1d0f1c8a9e07eeeac96affe6625

SHA512
863ffa0d09c7e7fc00b3a5ec8101ed31b6794f8b1dab96501c11725f247dfc5315f9b20602d424e384fdc20031e5d59ae65be1ecc5b72976ac3e2813b0cd2276

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\VCRUNTIME140.dll

MD5
edf9d5c18111d82cf10ec99f6afa6b47

SHA1
d247f5b9d4d3061e3d421e0e623595aa40d9493c

SHA256
d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb

SHA512
bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\_bz2.pyd

MD5
c9bfb31afe7cce0b57e5bfbbfda5ae7a

SHA1
37a930d22a9651f7ae940f61a23467deaa1f59d0

SHA256
58563fb8798c878bbb19221d8c6c9a3cc243d6dbc9bf5d7f73ba62834c5e4614

SHA512
3775adb2750a8a7927f56b1bad853e405b21c678d2708ae1d0e7ddfb68e2228971636ccd88055a9d04e49f009d8ec1fb4e0f7cb6ad9b012b666e132d989668e6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\_hashlib.pyd

MD5
86db282b25244f420a5d7abd44abb098

SHA1
992445028220ac07b39e939824a4c6b1fda811dc

SHA256
ab3d09c879b395631d8a4f89f6855d98d315675e9607248eed7bc07317260168

SHA512
62e2919c4ba74fa69f25209db89f0652c5f8624867b3221aa3865e4dc2bab07e70880c63e4853051f1cc7464ff6478106ac4d6c9fc096172d85e523d8cbd069a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\_lzma.pyd

MD5
857ba2d859502a76789b0cd090ef231a

SHA1
352378e0f9536154d698ecbb4c694aae8d416787

SHA256
42aafcd7e1050b3307c06874fa1e72eecfb5554bd631097e7af0506a3a200144

SHA512
ab70e4fde01bf0d1a2f4dbfe0b556ce3d83e57edf84c62262f0500b6b0295101a36e279f843cef6a08a4d4d3cde150ff76195ff417123eed64b661310fa759a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\_socket.pyd

MD5
7e080d04a56cd48cf24219774ab0abe2

SHA1
b3caf5603ce8da3da728577aa6b06daa32118b57

SHA256
77b3597eef6eb044fbec7b2229772495cd632033bec03badad4e4d268748b760

SHA512
8bb475b62cb025823ef3eb54db58017b9fc394fe4a8a6d84aee13a4aaf9dd426e59860d3f15abcc218bd7cf4aefeee37d8fdf24dc272b6196b089b65cb584aae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\_ssl.pyd

MD5
61fb40f4c868059e3378c735d1888c14

SHA1
73423b0e17eb9a0c231f4d6bffb2541a08975ed2

SHA256
ea7cf863090d7f61daae9c6cc679608239e622f4485514dc705d09c1311657c2

SHA512
e40a1fcf528b9a0a4bd2161b71d86dacff82647d6895f8a945c0960310397f8ebdc2d3191d04cd262940866ff0d7ddc7e4f2c17b9ebf86f527c08c8179ff2e91

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\python36.dll

MD5
7e5ad98ee1fef48d50c2cb641f464181

SHA1
ba424106c46ab11be33f4954195d10382791677d

SHA256
dd4bba32bf57165371822f5966617f475198764a91f39dc6ef86552457ac795d

SHA512
7633730cc9672bc558f8f3391534f9a0f3627a98c5c9f5acefbfc2356eeb14cd10581dceceec2e2d20ed666bc121b28d2af63bd61ead48d34cbcec5861f8ef82

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\select.pyd

MD5
290242633745524a3fb673798faabbe1

SHA1
7a5df2949b75469242c9287ae529045d7a85fd4c

SHA256
df8acaf83e5c861f1d0ad694b087ff0a451f01191602617307a93c9dec893ecd

SHA512
a3aec08265e2ea4549df14f6c2683b7b53c553b45304e80ed27ca5b5df70f0e1a3b139608557230e2acbaad4f302b5e20631a9d82de75222a9cc4b2177ce2020

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI5322\unicodedata.pyd

MD5
1c35e860d07c30617326d5a7030961b2

SHA1
44f727f11b2a19b078a987ad4f4bf7b6ccb393c2

SHA256
7c115398f9975004b436c70cfa5d5d08e9f3f1d0f1c8a9e07eeeac96affe6625

SHA512
863ffa0d09c7e7fc00b3a5ec8101ed31b6794f8b1dab96501c11725f247dfc5315f9b20602d424e384fdc20031e5d59ae65be1ecc5b72976ac3e2813b0cd2276

Download Submit
memory/1912-2-0x0000000000000000-mapping.dmp

Download