d5d7bc96ee2e5065045a44fc6cf9125c3bd0cfd22387aa293931a28b0b0af3db

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2022, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

install_me_please.exe
Size

7.7MB
MD5

ea5e91f6de068724a2cc3c178d693139
SHA1

7ed32b495a3deb0a91dfb3d23eea74aded475351
SHA256

d5d7bc96ee2e5065045a44fc6cf9125c3bd0cfd22387aa293931a28b0b0af3db
SHA512

e438d2a7d3aae8d7514b022904a4657454c7207b85df1b4c79537403c2df374109b4f40bffb2275fd495533955ba095d8ea840e0d77352ec304990490c6ae525
SSDEEP

196608:Wwx75kICteEroXxWVfEqlbkkwR7VTEUpGHiV5/jC03xh:rCInEroXgfEqirRRoUpGHiP/ewh

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe
3600	install_me_please.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 3600	648	install_me_please.exe	86
PID 648 wrote to memory of 3600	648	install_me_please.exe	86

C:\Users\Admin\AppData\Local\Temp\install_me_please.exe
"C:\Users\Admin\AppData\Local\Temp\install_me_please.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:648
- C:\Users\Admin\AppData\Local\Temp\install_me_please.exe
  "C:\Users\Admin\AppData\Local\Temp\install_me_please.exe"
  2⤵
  - Loads dropped DLL
  PID:3600

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI6482\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\_ctypes.pyd

Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\_ctypes.pyd

Filesize
123KB

MD5
7ab242d7c026dad5e5837b4579bd4eda

SHA1
b3ff01b8b3da2b3a9c37bfffafc4fb9ee957cc0f

SHA256
1548506345d220d68e9089b9a68b42a9d796141eb6236e600283951cb206eaa1

SHA512
1dd09cf14c87f60b42e5e56d0104154513902c9bfa23eef76a92f4a96c2356b2812dd6eee5e9a74d5ed078ade5f8f6d1f1b01961d7efadfebb543d71c2d31a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\_socket.pyd

Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\_socket.pyd

Filesize
78KB

MD5
4b2f1faab9e55a65afa05f407c92cab4

SHA1
1e5091b09fc0305cf29ec2e715088e7f46ccbbd4

SHA256
241db349093604ab25405402ba8c4212016657c7e6a10edd3110abeb1cc2e1ba

SHA512
68070db39cd14841bcd49db1acf19806b0aa4b4ac4c56518b3a3baddaac1cd533f0b3ef70a378f53d65c0d6c0f745a6102b63303ea7978c79f688c787efe9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\arc4.cp39-win_amd64.pyd

Filesize
12KB

MD5
d16edde477860e57119ba9a1b278ab9f

SHA1
dfe67eeb21b52633d9f4f4fc037565baca3f1021

SHA256
4710b258e3ef5c8126b0cffa954ade0e226bb71a2341f895a2cc740c8bf7f80d

SHA512
257d7d9d1af1240dc6624bc6c85fae999867616149c63d779c4c2588acd5734744e8193eb3605937a6d56977e49980e569f346a611a3af1c80ad73d6316313ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\arc4.cp39-win_amd64.pyd

Filesize
12KB

MD5
d16edde477860e57119ba9a1b278ab9f

SHA1
dfe67eeb21b52633d9f4f4fc037565baca3f1021

SHA256
4710b258e3ef5c8126b0cffa954ade0e226bb71a2341f895a2cc740c8bf7f80d

SHA512
257d7d9d1af1240dc6624bc6c85fae999867616149c63d779c4c2588acd5734744e8193eb3605937a6d56977e49980e569f346a611a3af1c80ad73d6316313ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\base_library.zip

Filesize
764KB

MD5
eb823971afaade3e34cdc94868033c9a

SHA1
044d0b7deac27987e035223e3b792164da96502e

SHA256
b92e28c40e84bd3468a09d9f6d99ac5e91a542423e355d2961daa9fbfb9a0ee7

SHA512
b6149a093aad514b23359d42022bdd2b46491d3bae7460979f3becfc836dfb331826e21977aef9d80bb1ab1b0288ad5b99571820bef37fdd5e2788d26a8a1cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\python39.dll

Filesize
4.3MB

MD5
7e9d14aa762a46bb5ebac14fbaeaa238

SHA1
a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9

SHA256
e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3

SHA512
280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\pywintypes39.dll

Filesize
139KB

MD5
977f7ef232671b94251d8eaddd15390d

SHA1
97d9035a5f21df0267f4ae8cd203a92917aab970

SHA256
4ece6771f1206b99dba4e5cf988051472f530bf90bb3114d3fd7377b3f34dfa6

SHA512
1f556c661d3dd963cd563230a1ac1707905ffbfb3d76081f3dd316b40ce55ce1bfcc431f744de98ab3249760d4386cccd54a483b01f98017ff75c6603d316988

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\pywintypes39.dll

Filesize
139KB

MD5
977f7ef232671b94251d8eaddd15390d

SHA1
97d9035a5f21df0267f4ae8cd203a92917aab970

SHA256
4ece6771f1206b99dba4e5cf988051472f530bf90bb3114d3fd7377b3f34dfa6

SHA512
1f556c661d3dd963cd563230a1ac1707905ffbfb3d76081f3dd316b40ce55ce1bfcc431f744de98ab3249760d4386cccd54a483b01f98017ff75c6603d316988

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\select.pyd

Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\select.pyd

Filesize
28KB

MD5
f8f5a047b98309d425fd06b3b41b16e4

SHA1
2a44819409199b47f11d5d022e6bb1d5d1e77aea

SHA256
5361da714a61f99136737630d50fa4e975d76f5de75e181af73c5a23a2b49012

SHA512
f0a96790fcdabf02b452f5c6b27604f5a10586b4bf759994e6d636cc55335026631fa302e209a53f5e454bea03b958b6d662e0be91fa64ce187a7dc5d35a9aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\ucrtbase.dll

Filesize
1.1MB

MD5
bfaa5c95ea3b7d9348cb82d2f83a2e46

SHA1
dad86aebb021e5c7d0de59ac2411e64e8e902792

SHA256
d8d111bed34953e6893a355fb178e7ac38afdaf197d2d684c8bc5549ff245fb5

SHA512
960738979c670557bb343970679279dfe2e514fa0bd44d8be23e568d1db8784b04a9cdc051aba5a8f431696643fa56a9fa7b97967a1932cf871e33376937a018

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\ucrtbase.dll

Filesize
1.1MB

MD5
bfaa5c95ea3b7d9348cb82d2f83a2e46

SHA1
dad86aebb021e5c7d0de59ac2411e64e8e902792

SHA256
d8d111bed34953e6893a355fb178e7ac38afdaf197d2d684c8bc5549ff245fb5

SHA512
960738979c670557bb343970679279dfe2e514fa0bd44d8be23e568d1db8784b04a9cdc051aba5a8f431696643fa56a9fa7b97967a1932cf871e33376937a018

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\win32api.pyd

Filesize
131KB

MD5
0afa0ac73c1659570e529f51f3a0d8c6

SHA1
f4f7d659bcac3409395aa92a72ba90d0c7db204f

SHA256
b541e3d53be2db7da8e1c16496958fc6c8034ccc8ac763fd00e4a6fbd1162944

SHA512
0bb76bd92cbbd8f1f42a309b9f17124136032a41f7e75977fff4e208794218ed01574c7253a75fa7254cfcdb5f7920ebd8847fff9e851c3a6559eb6ed80590fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6482\win32api.pyd

Filesize
131KB

MD5
0afa0ac73c1659570e529f51f3a0d8c6

SHA1
f4f7d659bcac3409395aa92a72ba90d0c7db204f

SHA256
b541e3d53be2db7da8e1c16496958fc6c8034ccc8ac763fd00e4a6fbd1162944

SHA512
0bb76bd92cbbd8f1f42a309b9f17124136032a41f7e75977fff4e208794218ed01574c7253a75fa7254cfcdb5f7920ebd8847fff9e851c3a6559eb6ed80590fe

Download Submit