cf5db40e76502684691f24c69a72aed297bb6c12f3f7b45b7672b637f87e61d6

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03607d86e65d1e6adeabced1e3bd7430.exe
Size

6.4MB
MD5

03607d86e65d1e6adeabced1e3bd7430
SHA1

0bfc5b8fb21c0f246d4d61566ee79a22e098cefc
SHA256

cf5db40e76502684691f24c69a72aed297bb6c12f3f7b45b7672b637f87e61d6
SHA512

b9c8d44516218c288d9ae8316258c1da9c23242407359c443f7706c5b7e3acc89638ac03fff921d5282a66dd88a0a682fe1e5444a084ebdcdf3be1a2b221c3fb
SSDEEP

196608:hZEby9onJ5hrZERMB2WZufOuD9L8Ky+ShO6+mb0:qy9c5hlERo2WmfDZrhSYu

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe
2000	03607d86e65d1e6adeabced1e3bd7430.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.ipify.org
3	api.ipify.org

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2000	1968	03607d86e65d1e6adeabced1e3bd7430.exe	29
PID 1968 wrote to memory of 2000	1968	03607d86e65d1e6adeabced1e3bd7430.exe	29
PID 1968 wrote to memory of 2000	1968	03607d86e65d1e6adeabced1e3bd7430.exe	29

C:\Users\Admin\AppData\Local\Temp\03607d86e65d1e6adeabced1e3bd7430.exe
"C:\Users\Admin\AppData\Local\Temp\03607d86e65d1e6adeabced1e3bd7430.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Users\Admin\AppData\Local\Temp\03607d86e65d1e6adeabced1e3bd7430.exe
  "C:\Users\Admin\AppData\Local\Temp\03607d86e65d1e6adeabced1e3bd7430.exe"
  2⤵
  - Loads dropped DLL
  PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19682\_lzma.pyd

Filesize
152KB

MD5
ddbd0c86c0d353929bca2125cc512df1

SHA1
5888480f133e552b8eb573b16c14d8b8a80109ae

SHA256
d4c6c32805ebfe0760ce022f633f9e0c005209bd863f8fd0a27e93d522c3aac3

SHA512
d3878b4d41413f80e2aa53f9ce5609fe732246768797f5d686f4ffeb7bdda769c41a9181e6bd80bdd57407d5455429b5ba0d4109cd252a79e16e38be75647b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\_ssl.pyd

Filesize
150KB

MD5
fefbb91866778278460e16e44cfb8151

SHA1
53890f03a999078b70b921b104df198f2f481a7c

SHA256
8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

SHA512
449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\base_library.zip

Filesize
240KB

MD5
0b5a7d4b87cf358eb6023813a18e1137

SHA1
4216751d5c9ffbea87b5a16c0553a274e3ba59ab

SHA256
1c87f70b1481e0f34762b7940e12756f80462938fa06769e84ef84ee74b1e48c

SHA512
a20fb56ec2fc071c347dc916756e45f419a4b34dc702f7e43223518ba80abb9b50588b7efe6c0b10f5d7a06f23b5145354862f39efc380c3f710a38f11dad51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\libcrypto-1_1.dll

Filesize
141KB

MD5
dee0d482da292b079edd46897a27c46d

SHA1
2dabfac39c1ab30d5d3894a3874124e1a29323db

SHA256
f6e7572dc76a0f95841f5d742529eafd6977c7260c0db1c9fa5143c045214623

SHA512
8c8dbdaf4d31cdda39e9ce3f9f4fe16de43a39219eeaa370763249bb12698819a18f2ef5724c9bbf00598c88332ff98870baed55b2d561dfc6adeb96ab9c4459

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\libssl-1_1.dll

Filesize
230KB

MD5
2a5013a340d85163f9fd56e44af49c43

SHA1
b30d3de33e368422c46178b3920787537efd9936

SHA256
ce639d4c9aab1b2af997dd65f67f1ce248e5ce98440f7439175908427f63f935

SHA512
c81ca82b22dd04fb3b9ee1cea7946046bdf7f64e79b00c542ae8e8d7f7496dc5e5f420d2db608466ce8403f90655a088fd828c20b27b3807c4109c3f7cec1941

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\python38.dll

Filesize
1.1MB

MD5
750fbe406dd01df41b2c15361e88463a

SHA1
348fe0d2938274ad079c58939e916c8d64f22294

SHA256
87fe3da5541759b1ce914cadf657b68edee81ea389b26444b10b365458ef0cae

SHA512
79d088730621eebcebea9e4730dbd734fc3ff893c58a70c4d921db4e99c36a0aa884d4d354045d10ffe5bfdf1a6a72a1f71270580d8a244b46cda32b6ee4a761

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19682\unicodedata.pyd

Filesize
160KB

MD5
8b094c61000bfc3378b732d9ba6fd38f

SHA1
0478210e98d8c236f622f699f9497a6451d1e66e

SHA256
d0ae3eca4d48c419ea2f8f9de05cb884f29d2669ad7a79617bec3bd8f2d96d48

SHA512
63f56b219ddd064014e57b0ddd539d9fbfd2bc05109ba05a897dd9cb08cda2a4f2b89d841ccb87025ec6ded4ffd22c2af6a91c91b6e82efbc65b62e675f67260

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\_bz2.pyd

Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\_ctypes.pyd

Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\_hashlib.pyd

Filesize
45KB

MD5
496cde3c381c8e33186354631dfad0f1

SHA1
cbdb280ecb54469fd1987b9eff666d519e20249f

SHA256
f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

SHA512
f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\_lzma.pyd

Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\_socket.pyd

Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\libcrypto-1_1.dll

Filesize
533KB

MD5
e94db6b0035f8d9c4e42525160d87421

SHA1
d435f8d6caa2e63c9faf9038738616ea11629cb4

SHA256
8b593012e661127da931f0a94db32a70fb7a7926378623e5e18efec2e40bc302

SHA512
6c394a2dd791afe020bb0c67cbed5b63de510befaea706ed3bbf61ee0bdfa84cd2e73122e0b14cca6c1c513f0f77eef7c050998beff7bab11e8091fb7a420804

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\libssl-1_1.dll

Filesize
364KB

MD5
8a5479c87d7ed3dd241aa0825e28a053

SHA1
5b10ba773f5bc475674d2823d32be007413a0c92

SHA256
60f7b5c43b4f9aa415e4c90a2594e8d6ce0a941a159f50ded1f537da1b997aee

SHA512
1ba8d578dd1f9f340b1384d34ea443e83f986804e9a7ed46c1018a5a20969c86836f0ee4742c90b19bd60e2ec46a98fb0a10bb657da559c1230a99fc16f95e20

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\python38.dll

Filesize
599KB

MD5
6408602ba43fd473c9c3ca97dd1550e2

SHA1
906c962200415e7117dece0702e75cd087157602

SHA256
ca5b82a8899db761722e43b3dec23df914a52b2448f277bdee5d513e8b4b7e81

SHA512
68e03548802b1d3644d4f5fb8e33ad29814c4538b09d4c944101a2386cff75e7e27c8582a2051490e894fb9697966ea386c4609f6ab2277640ee050e1757b388

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\select.pyd

Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19682\unicodedata.pyd

Filesize
209KB

MD5
dc4c0a6940b3743568d9dd96398d9198

SHA1
f90f87576f7fe30c50caf8586c93ec1b83b13275

SHA256
1eede78a9e7f9f65c9bddd2e0d2716c22c4d441a56f2564246a008d6d1434533

SHA512
60dd2905d7761da46c8c6ba5cc867b437b98e3fcc30ffa5eea3eaebba497a2f90b57fade988f3d9ce48a8ed47ea5658a88a80325a97c13ea1100c6f0731da122

Download Submit