Overview

overview

7

Static

static

3

snake_eater.exe

windows10-1703-x64

7

Resubmissions

12/10/2023, 21:59

231012-1v1wvace6x 7

12/10/2023, 21:39

231012-1hx97adf32 7

12/10/2023, 21:30

231012-1csshsdd67 7

Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/10/2023, 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    snake_eater.exe

  • Size

    6.9MB

  • MD5

    52eaabffa4a20fecb4c50a937e720e7d

  • SHA1

    e5869e376e230d8c5b0f7181ac19f191895c30b4

  • SHA256

    dd042c46ccab1eef92c289498b7825694a6aab6e04a093b2244b126af01c01fa

  • SHA512

    31f3cd78fbb74e351f80dc09cac4d7355b0d0f688613a99574f8b104ef51050e57b3c03dbb22c6ab8d4be679df951257111a5190ab111a4b9787dd2228c2184a

  • SSDEEP

    98304:+aC8fWQRkhUsdDwG1eFsr7/9YuPlcGxH0Ig17E3AAy5tx5KD/SSvzJT1aOcUoS:+aCYk6YDwGcs9jtcGfcY3gtA71Zc

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\snake_eater.exe
    "C:\Users\Admin\AppData\Local\Temp\snake_eater.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\snake_eater.exe
      "C:\Users\Admin\AppData\Local\Temp\snake_eater.exe"
      2⤵
      • Loads dropped DLL
      PID:4136
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\VCRUNTIME140.dll
    Filesize

    106KB

    MD5

    49c96cecda5c6c660a107d378fdfc3d4

    SHA1

    00149b7a66723e3f0310f139489fe172f818ca8e

    SHA256

    69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

    SHA512

    e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\_bz2.pyd
    Filesize

    82KB

    MD5

    4438affaaa0ca1df5b9b1cdaa0115ec1

    SHA1

    4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

    SHA256

    ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

    SHA512

    6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\_decimal.pyd
    Filesize

    247KB

    MD5

    be315973aff9bdeb06629cd90e1a901f

    SHA1

    151f98d278e1f1308f2be1788c9f3b950ab88242

    SHA256

    0f9c6cc463611a9b2c692382fe1cdd7a52fea4733ffaf645d433f716f8bbd725

    SHA512

    8ea715438472e9c174dee5ece3c7d9752c31159e2d5796e5229b1df19f87316579352fc3649373db066dc537adf4869198b70b7d4d1d39ac647da2dd7cfc21e8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\_hashlib.pyd
    Filesize

    63KB

    MD5

    1524882af71247adecf5815a4e55366a

    SHA1

    e25014c793c53503bdff9af046140edda329d01b

    SHA256

    6f7742dfdd371c39048d775f37df3bc2d8d4316c9008e62347b337d64ebed327

    SHA512

    5b954bb7953f19aa6f7c65ad3f105b77d37077950fb1b50d9d8d337bdd4b95343bac2f4c9fe17a02d1738d1f87eeef73dbbf5cdddcb470588cbc5a63845b188a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\_lzma.pyd
    Filesize

    155KB

    MD5

    737119a80303ef4eccaa998d500e7640

    SHA1

    328c67c6c4d297ac13da725bf24467d8b5e982e3

    SHA256

    7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

    SHA512

    1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\_socket.pyd
    Filesize

    77KB

    MD5

    64a6c475f59e5c57b3f4dd935f429f09

    SHA1

    ca2e0719dc32f22163ae0e7b53b2caadb0b9d023

    SHA256

    d03fa645cde89b4b01f4a2577139fbb7e1392cb91dc26213b3b76419110d8e49

    SHA512

    cf9e03b7b34cc095fe05c465f9d794319aaa0428fe30ab4ddce14ba78e835edf228d11ec016fd31dfe9f09d84b6f73482fb8e0f574d1fd08943c1ec9e0584973

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\base_library.zip
    Filesize

    1.4MB

    MD5

    32ede00817b1d74ce945dcd1e8505ad0

    SHA1

    51b5390db339feeed89bffca925896aff49c63fb

    SHA256

    4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a

    SHA512

    a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\libcrypto-3.dll
    Filesize

    4.9MB

    MD5

    7a6a8c2a8c379b111cdceb66b18d687d

    SHA1

    f3b8a4c731fa0145f224112f91f046fddf642794

    SHA256

    8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b

    SHA512

    f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\pyarmor_runtime_000000\pyarmor_runtime.pyd
    Filesize

    600KB

    MD5

    639e4f4669f8fba6e404b2bafbd62ace

    SHA1

    79e1c13fdd6d830b323f0ba4ad22adf69571760f

    SHA256

    6f77cbcb75e061bf0fcffc6ab573a1fa3114f021f9cbd1a8b8cf51d608220045

    SHA512

    1610367715c20d018a8074e1776faa01484617995b119013ea87a328463ccb71f91e564987e1b90469b201590bec7fb23e5ba6b439c765b47e7d47566c9bcecf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll
    Filesize

    5.5MB

    MD5

    58e01abc9c9b5c885635180ed104fe95

    SHA1

    1c2f7216b125539d63bd111a7aba615c69deb8ba

    SHA256

    de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

    SHA512

    cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\select.pyd
    Filesize

    29KB

    MD5

    653bdccb7af2aa9ccf50cb050fd3be64

    SHA1

    afe0a85425ae911694c250ab4cb1f6c3d3f2cc69

    SHA256

    e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279

    SHA512

    07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21922\unicodedata.pyd
    Filesize

    1.1MB

    MD5

    1905b5d0f945499441e8cd58eb123d86

    SHA1

    117e584e6fcc0e8cfc8e24e3af527999f14bac30

    SHA256

    b1788b81fa160e5120451f9252c7745cdde98b8ce59bf273a3dd867bb034c532

    SHA512

    ed88cd7e3259239a0c8d42d95fa2447fc454a944c849fa97449ad88871236fefdafe21dbfa6e9b5d8a54ddf1d5281ec34d314cb93d47ce7b13912a69d284f522

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21922\VCRUNTIME140.dll
    Filesize

    106KB

    MD5

    49c96cecda5c6c660a107d378fdfc3d4

    SHA1

    00149b7a66723e3f0310f139489fe172f818ca8e

    SHA256

    69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

    SHA512

    e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21922\_bz2.pyd
    Filesize

    82KB

    MD5

    4438affaaa0ca1df5b9b1cdaa0115ec1

    SHA1

    4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

    SHA256

    ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

    SHA512

    6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21922\_lzma.pyd
    Filesize

    155KB

    MD5

    737119a80303ef4eccaa998d500e7640

    SHA1

    328c67c6c4d297ac13da725bf24467d8b5e982e3

    SHA256

    7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

    SHA512

    1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21922\pyarmor_runtime_000000\pyarmor_runtime.pyd
    Filesize

    600KB

    MD5

    639e4f4669f8fba6e404b2bafbd62ace

    SHA1

    79e1c13fdd6d830b323f0ba4ad22adf69571760f

    SHA256

    6f77cbcb75e061bf0fcffc6ab573a1fa3114f021f9cbd1a8b8cf51d608220045

    SHA512

    1610367715c20d018a8074e1776faa01484617995b119013ea87a328463ccb71f91e564987e1b90469b201590bec7fb23e5ba6b439c765b47e7d47566c9bcecf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll
    Filesize

    5.5MB

    MD5

    58e01abc9c9b5c885635180ed104fe95

    SHA1

    1c2f7216b125539d63bd111a7aba615c69deb8ba

    SHA256

    de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

    SHA512

    cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

    Download Submit

  • memory/4136-37-0x00000000655C0000-0x0000000065664000-memory.dmp

    Filesize

    656KB

    Download