Analysis
- max time kernel: 38s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 22-11-2023 11:26
Behavioral tasks
- behavioral1: Sample ZCpu.exe, Resource win7-20231020-en
- behavioral2: Sample ZCpu.exe, Resource win10v2004-20231020-en
- behavioral3: Sample discord_token_grabber.pyc, Resource win7-20231023-en
- behavioral4: Sample discord_token_grabber.pyc, Resource win10v2004-20231023-en
- behavioral5: Sample get_cookies.pyc, Resource win7-20231020-en
- behavioral6: Sample get_cookies.pyc, Resource win10v2004-20231020-en
- behavioral7: Sample misc.pyc, Resource win7-20231023-en
- behavioral8: Sample misc.pyc, Resource win10v2004-20231023-en
- behavioral9: Sample passwords_grabber.pyc, Resource win7-20231023-en
- behavioral10: Sample passwords_grabber.pyc, Resource win10v2004-20231023-en
- behavioral11: Sample source_prepared.pyc, Resource win7-20231020-en
- behavioral12: Sample source_prepared.pyc, Resource win10v2004-20231025-en
General
- Target: ZCpu.exe
- Size: 79.0MB
- MD5: c9b3c6bc9b60cc3119220a793c9f5f11
- SHA1: e39e6333ebe28d926472b2f97d40cd1b135c978e
- SHA256: 90227adfa7c1e4d9c0a942f9135673dbe62f8050126e8fee70470588b3809cb7
- SHA512: 1964fb0d8d888f14a5421a096ab2e3c648d2f934959a7668581e1ddb737c593c915d7cf8196d531ac7c302775b780d63555f288a90407e3ebc40c55a74c7a582
- SSDEEP: 1572864:Y2MmiJR5QYHJiXgSk8IpG7V+VPhqoHZE7xHp5tWWfsnghowmaOllIWEawEBeWBg6:YZmCxp0gSkB05awoHYJjlmghfxOllI1j
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: ZCpu.exe (pid 2816)
- Resource matched yara rule "upx" (two entries as reported, both for the same dropped file):
  C:\Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll (upx)
  \Users\Admin\AppData\Local\Temp\_MEI26642\python311.dll (upx)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 2664 (ZCpu.exe) wrote to memory of PID 2816 (ZCpu.exe), reported three times
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.6MB
  MD5: 5f6fd64ec2d7d73ae49c34dd12cedb23
  SHA1: c6e0385a868f3153a6e8879527749db52dce4125
  SHA256: ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
  SHA512: c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab