884fd1281078bf84ec7e5d5504249c7d5ff5304092d4565a7b263aec9acff54d

Resubmissions

30/10/2023, 21:04

231030-zwlmwafb7y 7

30/10/2023, 21:03

30/10/2023, 21:00

30/10/2023, 20:57

30/10/2023, 20:19

Analysis

max time kernel
72s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

snake_eaterII.exe
Size

6.9MB
MD5

bf8992602fb929f15c856fa33b683153
SHA1

6fb6587d3e13c10381a873df89adaa759ad0e024
SHA256

803441e8f57b727a4eb403be2a4088b99b1877bb45a80de37e80df4442a1f8f7
SHA512

f8209489e95ac9df5c401865838e864a79397a3c97ac07bbaf0a98e8719b1547b99d7ee479b04e5501d2f57f6c927ef1f364b62b3c54d9be29b88f0f86f31ee4
SSDEEP

98304:Kak8YWQRkhUsdDwG1eFsr7/9YKPlcGxH0Ig17E3AAy5tx5KD/SSvzJT1aOcUoS:Kak9k6YDwGcs9VtcGfcY3gtA71Zc

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
5000	snake_eaterII.exe
5000	snake_eaterII.exe
5000	snake_eaterII.exe
5000	snake_eaterII.exe
5000	snake_eaterII.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3304	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3304	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe
3304	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3304	vlc.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 5000	3044	snake_eaterII.exe	89
PID 3044 wrote to memory of 5000	3044	snake_eaterII.exe	89

C:\Users\Admin\AppData\Local\Temp\snake_eaterII.exe
"C:\Users\Admin\AppData\Local\Temp\snake_eaterII.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\snake_eaterII.exe
  "C:\Users\Admin\AppData\Local\Temp\snake_eaterII.exe"
  2⤵
  - Loads dropped DLL
  PID:5000

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MergeDeny.3gp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30442\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_decimal.pyd

Filesize
247KB

MD5
be315973aff9bdeb06629cd90e1a901f

SHA1
151f98d278e1f1308f2be1788c9f3b950ab88242

SHA256
0f9c6cc463611a9b2c692382fe1cdd7a52fea4733ffaf645d433f716f8bbd725

SHA512
8ea715438472e9c174dee5ece3c7d9752c31159e2d5796e5229b1df19f87316579352fc3649373db066dc537adf4869198b70b7d4d1d39ac647da2dd7cfc21e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_hashlib.pyd

Filesize
63KB

MD5
1524882af71247adecf5815a4e55366a

SHA1
e25014c793c53503bdff9af046140edda329d01b

SHA256
6f7742dfdd371c39048d775f37df3bc2d8d4316c9008e62347b337d64ebed327

SHA512
5b954bb7953f19aa6f7c65ad3f105b77d37077950fb1b50d9d8d337bdd4b95343bac2f4c9fe17a02d1738d1f87eeef73dbbf5cdddcb470588cbc5a63845b188a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\_socket.pyd

Filesize
77KB

MD5
64a6c475f59e5c57b3f4dd935f429f09

SHA1
ca2e0719dc32f22163ae0e7b53b2caadb0b9d023

SHA256
d03fa645cde89b4b01f4a2577139fbb7e1392cb91dc26213b3b76419110d8e49

SHA512
cf9e03b7b34cc095fe05c465f9d794319aaa0428fe30ab4ddce14ba78e835edf228d11ec016fd31dfe9f09d84b6f73482fb8e0f574d1fd08943c1ec9e0584973

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\base_library.zip

Filesize
1.4MB

MD5
32ede00817b1d74ce945dcd1e8505ad0

SHA1
51b5390db339feeed89bffca925896aff49c63fb

SHA256
4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a

SHA512
a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\libcrypto-3.dll

Filesize
4.9MB

MD5
7a6a8c2a8c379b111cdceb66b18d687d

SHA1
f3b8a4c731fa0145f224112f91f046fddf642794

SHA256
8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b

SHA512
f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\pyarmor_runtime_000000\pyarmor_runtime.pyd

Filesize
600KB

MD5
f8259190152a57964401c9b4ba08d39f

SHA1
e89a09a4b4cad844d6aa65d2a760be84d02f1c73

SHA256
4eb91c3aaf0fbddb4412ac91c0ddb6f70ea1458ab983aa721dcfe17d73a42aa7

SHA512
700d2b15eedc05c30ddcbec958b8ec1c378f52049baf72eaba44c5b383aa692268da3debf832869f8a39cff07e47d515a0b8151433a59113ea9dce899b076af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\pyarmor_runtime_000000\pyarmor_runtime.pyd

Filesize
600KB

MD5
f8259190152a57964401c9b4ba08d39f

SHA1
e89a09a4b4cad844d6aa65d2a760be84d02f1c73

SHA256
4eb91c3aaf0fbddb4412ac91c0ddb6f70ea1458ab983aa721dcfe17d73a42aa7

SHA512
700d2b15eedc05c30ddcbec958b8ec1c378f52049baf72eaba44c5b383aa692268da3debf832869f8a39cff07e47d515a0b8151433a59113ea9dce899b076af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\select.pyd

Filesize
29KB

MD5
653bdccb7af2aa9ccf50cb050fd3be64

SHA1
afe0a85425ae911694c250ab4cb1f6c3d3f2cc69

SHA256
e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279

SHA512
07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30442\unicodedata.pyd

Filesize
1.1MB

MD5
1905b5d0f945499441e8cd58eb123d86

SHA1
117e584e6fcc0e8cfc8e24e3af527999f14bac30

SHA256
b1788b81fa160e5120451f9252c7745cdde98b8ce59bf273a3dd867bb034c532

SHA512
ed88cd7e3259239a0c8d42d95fa2447fc454a944c849fa97449ad88871236fefdafe21dbfa6e9b5d8a54ddf1d5281ec34d314cb93d47ce7b13912a69d284f522

Download Submit
memory/3304-61-0x00007FF8F3770000-0x00007FF8F37D7000-memory.dmp

Filesize
412KB

Download
memory/3304-69-0x00007FF8F35B0000-0x00007FF8F35C1000-memory.dmp

Filesize
68KB

Download
memory/3304-40-0x00007FF8F9600000-0x00007FF8F9634000-memory.dmp

Filesize
208KB

Download
memory/3304-42-0x00007FF8FCB00000-0x00007FF8FCB18000-memory.dmp

Filesize
96KB

Download
memory/3304-41-0x00007FF8F4A90000-0x00007FF8F4D44000-memory.dmp

Filesize
2.7MB

Download
memory/3304-43-0x00007FF8F6A20000-0x00007FF8F6A37000-memory.dmp

Filesize
92KB

Download
memory/3304-44-0x00007FF8F5ED0000-0x00007FF8F5EE1000-memory.dmp

Filesize
68KB

Download
memory/3304-45-0x00007FF8F5EB0000-0x00007FF8F5EC7000-memory.dmp

Filesize
92KB

Download
memory/3304-47-0x00007FF8F5B50000-0x00007FF8F5B6D000-memory.dmp

Filesize
116KB

Download
memory/3304-46-0x00007FF8F5C30000-0x00007FF8F5C41000-memory.dmp

Filesize
68KB

Download
memory/3304-48-0x00007FF8F5B30000-0x00007FF8F5B41000-memory.dmp

Filesize
68KB

Download
memory/3304-49-0x00007FF8F39E0000-0x00007FF8F4A8B000-memory.dmp

Filesize
16.7MB

Download
memory/3304-50-0x00007FF8F37E0000-0x00007FF8F39E0000-memory.dmp

Filesize
2.0MB

Download
memory/3304-51-0x00007FF8F5AF0000-0x00007FF8F5B2F000-memory.dmp

Filesize
252KB

Download
memory/3304-52-0x00007FF8F5AC0000-0x00007FF8F5AE1000-memory.dmp

Filesize
132KB

Download
memory/3304-53-0x00007FF8F5AA0000-0x00007FF8F5AB8000-memory.dmp

Filesize
96KB

Download
memory/3304-54-0x00007FF8F5A80000-0x00007FF8F5A91000-memory.dmp

Filesize
68KB

Download
memory/3304-55-0x00007FF8F5A60000-0x00007FF8F5A71000-memory.dmp

Filesize
68KB

Download
memory/3304-56-0x00007FF8F5A40000-0x00007FF8F5A51000-memory.dmp

Filesize
68KB

Download
memory/3304-57-0x00007FF8F5A20000-0x00007FF8F5A3B000-memory.dmp

Filesize
108KB

Download
memory/3304-59-0x00007FF8F59E0000-0x00007FF8F59F8000-memory.dmp

Filesize
96KB

Download
memory/3304-58-0x00007FF8F5A00000-0x00007FF8F5A11000-memory.dmp

Filesize
68KB

Download
memory/3304-60-0x00007FF8F59B0000-0x00007FF8F59E0000-memory.dmp

Filesize
192KB

Download
memory/3304-101-0x00007FF8F28F0000-0x00007FF8F2901000-memory.dmp

Filesize
68KB

Download
memory/3304-62-0x00007FF8F3700000-0x00007FF8F376F000-memory.dmp

Filesize
444KB

Download
memory/3304-64-0x00007FF8F3680000-0x00007FF8F36D6000-memory.dmp

Filesize
344KB

Download
memory/3304-63-0x00007FF8F36E0000-0x00007FF8F36F1000-memory.dmp

Filesize
68KB

Download
memory/3304-65-0x00007FF8F3650000-0x00007FF8F3678000-memory.dmp

Filesize
160KB

Download
memory/3304-66-0x00007FF8F3620000-0x00007FF8F3644000-memory.dmp

Filesize
144KB

Download
memory/3304-67-0x00007FF8F3600000-0x00007FF8F3617000-memory.dmp

Filesize
92KB

Download
memory/3304-68-0x00007FF8F35D0000-0x00007FF8F35F3000-memory.dmp

Filesize
140KB

Download
memory/3304-39-0x00007FF60C110000-0x00007FF60C208000-memory.dmp

Filesize
992KB

Download
memory/3304-70-0x00007FF8F3590000-0x00007FF8F35A2000-memory.dmp

Filesize
72KB

Download
memory/3304-71-0x00007FF8F3560000-0x00007FF8F3581000-memory.dmp

Filesize
132KB

Download
memory/3304-72-0x00007FF8F3540000-0x00007FF8F3553000-memory.dmp

Filesize
76KB

Download
memory/3304-74-0x00007FF8F33E0000-0x00007FF8F351B000-memory.dmp

Filesize
1.2MB

Download
memory/3304-75-0x00007FF8F33B0000-0x00007FF8F33DC000-memory.dmp

Filesize
176KB

Download
memory/3304-73-0x00007FF8F3520000-0x00007FF8F3532000-memory.dmp

Filesize
72KB

Download
memory/3304-76-0x00007FF8F31F0000-0x00007FF8F33A2000-memory.dmp

Filesize
1.7MB

Download
memory/3304-77-0x00007FF8F3190000-0x00007FF8F31EC000-memory.dmp

Filesize
368KB

Download
memory/3304-78-0x00007FF8F3170000-0x00007FF8F3181000-memory.dmp

Filesize
68KB

Download
memory/3304-79-0x00007FF8F30D0000-0x00007FF8F3167000-memory.dmp

Filesize
604KB

Download
memory/3304-80-0x00007FF8F30B0000-0x00007FF8F30C2000-memory.dmp

Filesize
72KB

Download
memory/3304-81-0x00007FF8F2E70000-0x00007FF8F30A1000-memory.dmp

Filesize
2.2MB

Download
memory/3304-82-0x00007FF8F2D50000-0x00007FF8F2E62000-memory.dmp

Filesize
1.1MB

Download
memory/3304-83-0x00007FF8F2D10000-0x00007FF8F2D45000-memory.dmp

Filesize
212KB

Download
memory/3304-84-0x00007FF8F2CE0000-0x00007FF8F2D05000-memory.dmp

Filesize
148KB

Download
memory/3304-85-0x00007FF8F2CC0000-0x00007FF8F2CD1000-memory.dmp

Filesize
68KB

Download
memory/3304-86-0x00007FF8F2C50000-0x00007FF8F2CB1000-memory.dmp

Filesize
388KB

Download
memory/3304-88-0x00007FF8F2C10000-0x00007FF8F2C22000-memory.dmp

Filesize
72KB

Download
memory/3304-89-0x00007FF8F2BF0000-0x00007FF8F2C03000-memory.dmp

Filesize
76KB

Download
memory/3304-87-0x00007FF8F2C30000-0x00007FF8F2C41000-memory.dmp

Filesize
68KB

Download
memory/3304-90-0x00007FF8F2B50000-0x00007FF8F2BEF000-memory.dmp

Filesize
636KB

Download
memory/3304-91-0x00007FF8F2B30000-0x00007FF8F2B41000-memory.dmp

Filesize
68KB

Download
memory/3304-92-0x00007FF8F2A20000-0x00007FF8F2B22000-memory.dmp

Filesize
1.0MB

Download
memory/3304-93-0x00007FF8F2A00000-0x00007FF8F2A11000-memory.dmp

Filesize
68KB

Download
memory/3304-94-0x00007FF8F29E0000-0x00007FF8F29F1000-memory.dmp

Filesize
68KB

Download
memory/3304-95-0x00007FF8F29C0000-0x00007FF8F29D1000-memory.dmp

Filesize
68KB

Download
memory/3304-96-0x00007FF8F29A0000-0x00007FF8F29B2000-memory.dmp

Filesize
72KB

Download
memory/3304-97-0x00007FF8F2980000-0x00007FF8F2998000-memory.dmp

Filesize
96KB

Download
memory/3304-98-0x00007FF8F2960000-0x00007FF8F2976000-memory.dmp

Filesize
88KB

Download
memory/3304-99-0x00007FF8F2930000-0x00007FF8F2959000-memory.dmp

Filesize
164KB

Download
memory/3304-100-0x00007FF8F2910000-0x00007FF8F2922000-memory.dmp

Filesize
72KB

Download
memory/5000-33-0x00000000655C0000-0x0000000065664000-memory.dmp

Filesize
656KB

Download