Overview
overview
10Static
static
10RUNCECE.exe
windows7-x64
7RUNCECE.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Analysis
-
max time kernel
1566s -
max time network
1571s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system -
submitted
02-12-2023 19:43
Behavioral task
behavioral1
Sample
RUNCECE.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
RUNCECE.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20231025-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231127-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20231127-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20231130-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20231201-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20231130-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20231201-en
General
-
Target
RUNCECE.exe
-
Size
20.8MB
-
MD5
6f54b4191ac9d44e27ab567bf26e4768
-
SHA1
244de438e62d815483561b99550a8b02a2a7625c
-
SHA256
da2ecdafa3fbcc59f30fed701e9c3529432bcc479fc18ffe575310601d8e4576
-
SHA512
284b786e1772db32718b11d0cf2cc65e51259648c16f130ac31b353e3b421e762e2ee5869540d161bd8d7535e06da9bc984cdf3bf6982c15d9a4dab3b5491081
-
SSDEEP
393216:PUdMOZ0JTQDXYCxnOshouIkPUktRL5okJb8LgSUu16RCOdi99AC:PUdMOZ0JTQ7YCxOwouYktRLSaLSqIrj
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
RUNCECE.exepid process 2660 RUNCECE.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\_MEI28802\python311.dll upx \Users\Admin\AppData\Local\Temp\_MEI28802\python311.dll upx -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
RUNCECE.exedescription pid process target process PID 2880 wrote to memory of 2660 2880 RUNCECE.exe RUNCECE.exe PID 2880 wrote to memory of 2660 2880 RUNCECE.exe RUNCECE.exe PID 2880 wrote to memory of 2660 2880 RUNCECE.exe RUNCECE.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD55f6fd64ec2d7d73ae49c34dd12cedb23
SHA1c6e0385a868f3153a6e8879527749db52dce4125
SHA256ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab
-
Filesize
1.6MB
MD55f6fd64ec2d7d73ae49c34dd12cedb23
SHA1c6e0385a868f3153a6e8879527749db52dce4125
SHA256ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab