7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
12-05-2022 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
Size

8.6MB
MD5

0be819d2ffe6eb39a59ac0aa9a55c8b2
SHA1

a07d9c1d14113edf954e773212201e733fb8326b
SHA256

7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57
SHA512

d900b5ca5fe5e73563b949e07697bce228ff5cd6d022c493a0048e97126d345ed69bcb507fbe76d0a2e7078da8d19d617982de300f700ce48c565b8cd240e788

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 13 IoCs

Processes:

7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe

pid	process
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
1164	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1 api.ipify.org
2 api.ipify.org

flow	ioc
1	api.ipify.org
2	api.ipify.org

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe

description	pid	process	target process
PID 1256 wrote to memory of 1164	1256	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
PID 1256 wrote to memory of 1164	1256	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
PID 1256 wrote to memory of 1164	1256	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
PID 1256 wrote to memory of 1164	1256	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe	7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe

C:\Users\Admin\AppData\Local\Temp\7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
"C:\Users\Admin\AppData\Local\Temp\7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1256

C:\Users\Admin\AppData\Local\Temp\7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe
"C:\Users\Admin\AppData\Local\Temp\7b619ad96f1e9e154f59227a36693842eb0d10a99a7307ff2afb11fd877f6d57.exe"
2⤵
- Loads dropped DLL
PID:1164

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12562\TaliGvng.exe.manifest
Filesize
1KB

MD5
525c89c58f8d80655d287a87b080f1a7

SHA1
df3bbf38ef4f012854ef2082574fe8a12ee9278a

SHA256
2036f950abb23c02ee5ebe031e77f303f05012e3959d3a5a52f0f93e76d28731

SHA512
bfc2f777ee7f5da503af37aba76256eb5be5fbb00661bc46a19b53fb492314c3318ffe7c9f541a9b5a27e8a5f50c744791d5167b7dbb576780941714343d0541

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_bz2.pyd
Filesize
72KB

MD5
7f8dc5e22155dfaeeee837bee907f960

SHA1
9d03bd1120fd67cb4a2a6e42707c3ecc95d56a31

SHA256
f2eaab5894a666556a6ec0f7b430deb30cdcdb534e822cda8c789435d3834535

SHA512
ac4ae9f88dbebdd6619be62252275260f476bec5765644de279dadf9f10437ebec526d833fbaae70686de1ef65fc574659191c2c8050df96b7ff7ff3fb51f80c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_ctypes.pyd
Filesize
109KB

MD5
e7f1c92338eb9964ea5922de823abcb8

SHA1
ae5719b87f4f6b3cdaacd6e43f5bf101e492adc0

SHA256
497cf76470349d3cb601e1fe66c8e08f7570cfb0d25e15c3d94aae84280dba58

SHA512
0fe48e6c7596c226d031a1c2966270589b939b54a316e44856054a933be052d5084afc4c1a9d8314aa1cf0e15cc777747645741f3efea3016a41248c01d8fc14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_hashlib.pyd
Filesize
36KB

MD5
13e5639aa1732db7f8fd9c2820cced10

SHA1
5f9799b1a16bbdb337766b42b9828f8da1f55e75

SHA256
b54e3474472fd318e0d94b9115238dca43c457e6253f06f92d2604df14d8247d

SHA512
f4abc90e5f6ea1b204265e91f22978ca8eb04c8ce9bef5d558becadb1b6116c769d7e3401b9396438c85f5decf88b79fd8114f6054541228c753494660a949d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_lzma.pyd
Filesize
181KB

MD5
b1abe0da66ec97e4aff97f1bd5203434

SHA1
c3bd39814c4f01b57a442da50ed515e7dfd05a8a

SHA256
ee4f276ec7f0b34acd38361023173d6113d97a7de17d28a4fbbd286fe5ce2f28

SHA512
47556e4c65aa04853520c92fdb1f88bb03ab7f4478bfc60e15186f6109cf659e68d458a7b1090a063a0f771c6eb835582464a646456d9e7f82534854c74f83b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_socket.pyd
Filesize
67KB

MD5
6f71a76bb3c8da44c671f23b4b78f901

SHA1
444e2d7d167dbe387317a1f52396c9ccab40ee49

SHA256
9cb6bb684c2d475c60a94d3f789cae6e662901ea408e18ac4bc34cba0baffeed

SHA512
f1346f5f83717218d1d2517c022d69cb246ff01d88cbf72443b6b06545eef2fe1ff77859e2a87915fc55925847777d1721abc7085a0d81226b3356916b8871eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\_ssl.pyd
Filesize
108KB

MD5
38a431e39fe4502ebbc7a17bcb519240

SHA1
5f9990e47b03a35707639047839ad215af7cb82c

SHA256
91225559138228aaadf83d77c92835b080bbcbcc17c190c6ef7bb9d23cc17595

SHA512
cc8c635471b2ae18d1c3962812b30b1ca6d4187595bc941ca84c18028f46c3f75c9a6d66afceb75b1f454884c5a012f97d8d995a55d60b493d381bb827413c94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\base_library.zip
Filesize
769KB

MD5
60a894b6543ed4900f8eccc6e99fc6e0

SHA1
d06ae66e7804fb970e9dcd731729b0983226fcc9

SHA256
6db4a3352b276d949167793688d078cb883596e25a33b8567a270cb4f489a3f8

SHA512
9166be0f6625f651febcff346c455d534c87e044808592ea13aced2ca397f16c188ff0d93ccf2de0409fd1c7d3d2ba092a45ec919d6b9f00ef11a77bf5a5c3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\libcrypto-1_1.dll
Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\libssl-1_1.dll
Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\python38.dll
Filesize
3.7MB

MD5
97d893cd2879f8e9a6bc8a35d203b2f4

SHA1
68ddf1e3a98e080c4ef2c9d241a31dee6aec240b

SHA256
6e7ed993131a5beb3b96736320bafb83a063d3043015bf2b14eea6601a414ab8

SHA512
30804c88389b54a6119c7c134af315330afb234d743b51acbb25f11d2aec3400c7498e918294f4497e49ebf7ddac557509847d785d58fe9cd381a3fbf8eb9378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\select.pyd
Filesize
23KB

MD5
e6969a95ca8b62725206ebef19af0371

SHA1
60bfcad0dd79267793c3b8ff109a98c4201ffc18

SHA256
3f177ee6d35f0dbeb0f0719f4e20404abe6a101c375ab6d27fcd28aa846def2c

SHA512
ae45e272f4b0207dc8720681932641b53379a8b4d1ee7c878ce7804cc475069812d8dcd8689dc6383911b51af272801dbce6b076aaf60f5287c2bacbce8d95e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12562\unicodedata.pyd
Filesize
1.0MB

MD5
d40589a59a706d6ff0d95a1b9a5acc0f

SHA1
7a23501a1c5d2d2d300c1496f3a6e455f47769d3

SHA256
b4829151d38443389cb6af2371df4f44e3e9e217b8c7051519d365d5d107e557

SHA512
48158c1dd1b880e33ac409581f79d69197ddfc7b8ae8ee4ea758e9d14563ad6eadaa844db2eb28bf70994a6f196319bb5614fb13fe9d9ec4f33f78c6d24146c0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\VCRUNTIME140.dll
Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_bz2.pyd
Filesize
72KB

MD5
7f8dc5e22155dfaeeee837bee907f960

SHA1
9d03bd1120fd67cb4a2a6e42707c3ecc95d56a31

SHA256
f2eaab5894a666556a6ec0f7b430deb30cdcdb534e822cda8c789435d3834535

SHA512
ac4ae9f88dbebdd6619be62252275260f476bec5765644de279dadf9f10437ebec526d833fbaae70686de1ef65fc574659191c2c8050df96b7ff7ff3fb51f80c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_ctypes.pyd
Filesize
109KB

MD5
e7f1c92338eb9964ea5922de823abcb8

SHA1
ae5719b87f4f6b3cdaacd6e43f5bf101e492adc0

SHA256
497cf76470349d3cb601e1fe66c8e08f7570cfb0d25e15c3d94aae84280dba58

SHA512
0fe48e6c7596c226d031a1c2966270589b939b54a316e44856054a933be052d5084afc4c1a9d8314aa1cf0e15cc777747645741f3efea3016a41248c01d8fc14

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_hashlib.pyd
Filesize
36KB

MD5
13e5639aa1732db7f8fd9c2820cced10

SHA1
5f9799b1a16bbdb337766b42b9828f8da1f55e75

SHA256
b54e3474472fd318e0d94b9115238dca43c457e6253f06f92d2604df14d8247d

SHA512
f4abc90e5f6ea1b204265e91f22978ca8eb04c8ce9bef5d558becadb1b6116c769d7e3401b9396438c85f5decf88b79fd8114f6054541228c753494660a949d1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_lzma.pyd
Filesize
181KB

MD5
b1abe0da66ec97e4aff97f1bd5203434

SHA1
c3bd39814c4f01b57a442da50ed515e7dfd05a8a

SHA256
ee4f276ec7f0b34acd38361023173d6113d97a7de17d28a4fbbd286fe5ce2f28

SHA512
47556e4c65aa04853520c92fdb1f88bb03ab7f4478bfc60e15186f6109cf659e68d458a7b1090a063a0f771c6eb835582464a646456d9e7f82534854c74f83b0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_socket.pyd
Filesize
67KB

MD5
6f71a76bb3c8da44c671f23b4b78f901

SHA1
444e2d7d167dbe387317a1f52396c9ccab40ee49

SHA256
9cb6bb684c2d475c60a94d3f789cae6e662901ea408e18ac4bc34cba0baffeed

SHA512
f1346f5f83717218d1d2517c022d69cb246ff01d88cbf72443b6b06545eef2fe1ff77859e2a87915fc55925847777d1721abc7085a0d81226b3356916b8871eb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\_ssl.pyd
Filesize
108KB

MD5
38a431e39fe4502ebbc7a17bcb519240

SHA1
5f9990e47b03a35707639047839ad215af7cb82c

SHA256
91225559138228aaadf83d77c92835b080bbcbcc17c190c6ef7bb9d23cc17595

SHA512
cc8c635471b2ae18d1c3962812b30b1ca6d4187595bc941ca84c18028f46c3f75c9a6d66afceb75b1f454884c5a012f97d8d995a55d60b493d381bb827413c94

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\libcrypto-1_1.dll
Filesize
2.1MB

MD5
67c1ea1b655dbb8989a55e146761c202

SHA1
aecc6573b0e28f59ea8fdd01191621dda6f228ed

SHA256
541adbc9654d967491d11359a0e4ad4972d2bd25f260476dd7576c576478698a

SHA512
1c7612c03df85b596dc360c1a94e367d8bfba51f651b49c598e4a066a693d9aa74195a40cc849ef787eac9b6e1e1fc079b389c03fc539e53abf4aa729bef5893

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\libffi-7.dll
Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\libssl-1_1.dll
Filesize
524KB

MD5
9417e0d677e0f8b08398fcd57dccbafd

SHA1
569e82788ff8206e3a43c8653d6421d456ff2a68

SHA256
db16853dbc64f045ae2a972f7605a6f192d09b79cae86fd93b8434fa7d9e031f

SHA512
b7dfd0b265c19d97518e638e4fcc19db3031382cda05c2cbb8965651ceadaa0f68f9d4dd62d542b2c9ef33d9703d50f4d74eb8b9f4918130895ef17feff2f6cb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\python38.dll
Filesize
3.7MB

MD5
97d893cd2879f8e9a6bc8a35d203b2f4

SHA1
68ddf1e3a98e080c4ef2c9d241a31dee6aec240b

SHA256
6e7ed993131a5beb3b96736320bafb83a063d3043015bf2b14eea6601a414ab8

SHA512
30804c88389b54a6119c7c134af315330afb234d743b51acbb25f11d2aec3400c7498e918294f4497e49ebf7ddac557509847d785d58fe9cd381a3fbf8eb9378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\select.pyd
Filesize
23KB

MD5
e6969a95ca8b62725206ebef19af0371

SHA1
60bfcad0dd79267793c3b8ff109a98c4201ffc18

SHA256
3f177ee6d35f0dbeb0f0719f4e20404abe6a101c375ab6d27fcd28aa846def2c

SHA512
ae45e272f4b0207dc8720681932641b53379a8b4d1ee7c878ce7804cc475069812d8dcd8689dc6383911b51af272801dbce6b076aaf60f5287c2bacbce8d95e6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12562\unicodedata.pyd
Filesize
1.0MB

MD5
d40589a59a706d6ff0d95a1b9a5acc0f

SHA1
7a23501a1c5d2d2d300c1496f3a6e455f47769d3

SHA256
b4829151d38443389cb6af2371df4f44e3e9e217b8c7051519d365d5d107e557

SHA512
48158c1dd1b880e33ac409581f79d69197ddfc7b8ae8ee4ea758e9d14563ad6eadaa844db2eb28bf70994a6f196319bb5614fb13fe9d9ec4f33f78c6d24146c0

Download Submit
memory/1164-54-0x0000000000000000-mapping.dmp

Download