abac96f7f404d50d76d0f3bc501a5b60b3026dc63c713d40e4ff18eca6736488

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

208667472049a045cb965920b62b81fd.exe
Size

6.6MB
MD5

208667472049a045cb965920b62b81fd
SHA1

a114f1892bbceb4ac96f89c3274c34babae336c2
SHA256

abac96f7f404d50d76d0f3bc501a5b60b3026dc63c713d40e4ff18eca6736488
SHA512

aec49b09e4306c822462dc8cd6a811eaea19a5d05cbd141a06003bee675087438b417b5d2f4b7b87123c446d00af707f9ab175a11b0152f981c6de90fd3562a5
SSDEEP

196608:FIAPmCsXDjDyf6L2WliXYrHW1ZIXS8kE:tPmCEDVL2ciIrHWbIXt

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe
5044	208667472049a045cb965920b62b81fd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 5044	4464	208667472049a045cb965920b62b81fd.exe	90
PID 4464 wrote to memory of 5044	4464	208667472049a045cb965920b62b81fd.exe	90

C:\Users\Admin\AppData\Local\Temp\208667472049a045cb965920b62b81fd.exe
"C:\Users\Admin\AppData\Local\Temp\208667472049a045cb965920b62b81fd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Users\Admin\AppData\Local\Temp\208667472049a045cb965920b62b81fd.exe
  "C:\Users\Admin\AppData\Local\Temp\208667472049a045cb965920b62b81fd.exe"
  2⤵
  - Loads dropped DLL
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI44642\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\_ctypes.pyd

Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\_hashlib.pyd

Filesize
64KB

MD5
88e2bf0a590791891fb5125ffcf5a318

SHA1
39f96abbabf3fdd46844ba5190d2043fb8388696

SHA256
e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

SHA512
7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\_socket.pyd

Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\_ssl.pyd

Filesize
151KB

MD5
cf7886b3ac590d2ea1a6efe4ee47dc20

SHA1
8157a0c614360162588f698a2b0a4efe321ea427

SHA256
3d183c1b3a24d634387cce3835f58b8e1322bf96ab03f9fe9f02658fb17d1f8c

SHA512
b171f7d683621fdab5989bfed20c3f6479037035f334ea9a19feb1184f46976095a7666170a06f1258c6ddf2c1f8bdb4e31cbfd33d3b8fa4b330f097d1c09d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\_ssl.pyd

Filesize
92KB

MD5
5d7daadf527029fa00dbb7a0d31a8118

SHA1
5994df7d653c6c54d0de9e4f218aff3bbae0fbb9

SHA256
ff753f99c98ae8d21a72780735041563f54a0d7863c09a598b76601bb7bda03c

SHA512
dd59a3219c714ec574814cecd9afd1a6fc2d58332d6a21e01f5c23b0045917e3b277e9afb3c6090f508e12cc9f94e589a74ac5f96e734907bebb96e226dec29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\base_library.zip

Filesize
99KB

MD5
42b4c1f2e147b2991470a6ee4a51ce0e

SHA1
07df15739532cd5e9a720d257ed2095af15d5cff

SHA256
5a87deb72bcafa00694540a4f2001ce15efc397b360603f15f80bd9537e8cc5b

SHA512
a28f9060ef7ca3857d8c9545680727e6f2a669c89a66a931715ebae86e4345b923ccc96cea1a6407b4935403e4c01c722d819f6b9b86b411dee05dfda70e5255

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\libcrypto-1_1.dll

Filesize
85KB

MD5
d6a20f562509d85d11b9cf81d58a0802

SHA1
b817432e8d75414f4d2eb7b6045711daad46165d

SHA256
3b990e02e1abc4896c94a55c907516fb1bcf2b4bf277480812010f5ddf6b7e4f

SHA512
2cdfac33d2e37d7e515c6bb7d9aac18cb19bd91f7fcd95a8c4a1f9f125c0245a25f140b6fc144e355b4fc455f97b5035edb2f8b24f14b0d8a4633bccc96b7e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\libcrypto-1_1.dll

Filesize
896KB

MD5
8c36f2b944c47208b158775d9f024792

SHA1
97c321bf4bda0d9bc71779dcd11a9682b413e362

SHA256
77c3222bb3e7cdc6bd904108efd0cd404585a28afe00f08c223482929e4ff421

SHA512
3a8aabd755494a5581ce132052338cc1ee2ec6359f17e3278605cd9f4e870e9c7d83d10e4020a5a9fdfd288f7a70a30c0f3705f649cd7d3b1537e586c8059349

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\libssl-1_1.dll

Filesize
381KB

MD5
973a53907697e5aa640451c5b585bb91

SHA1
c72d4bd628f367776808c2872c01416753afb551

SHA256
c145263afaae8c699b87d4ccb789715b96813892df5d42aa6434e41e29e0437a

SHA512
e58528c28fd1ecc8527b8fe41a2c7e743dfb5ba4fc0de760c1881b9e4ad2f528f99ef71a796ce01fd3217c285af4c65ea5889c797fa186664a274df08ca86b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\libssl-1_1.dll

Filesize
92KB

MD5
c2bdd661f566f94d099ca541ddfd9624

SHA1
b5940c09f2f9eb4e88a916cf81f4f3f94c53d876

SHA256
dcae322b4df573681359c0b830f510fc28a4214f6e46e1c8551c45043b6b9261

SHA512
1705716fabc10cb45dbd2a7756e3ee7883681db4d3e4018d6eb1b2c1c320e87788552074686195cdd5b34725d4339684cafe273c404a2aaa64933d0e9fe01d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\python39.dll

Filesize
1.0MB

MD5
df0281d2251a4ed7086a6a589f8eec70

SHA1
a3169698e1f0a6a5ecc95a92e27233ad000f54bf

SHA256
0c01952ea773b82c4adf17cb59284ca689c7bb0943b2071a5e44cafd8acb73d7

SHA512
e8e2816bb3e93280054e8d50f1469fad2ccf3a1a90eb7a9563f44ccbd86ecc594fc651741eb56c0058890afbb7fe01141ef5d520b3a87eb8d359f2f8908564ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\python39.dll

Filesize
1.0MB

MD5
e137ee2993b8a37006f82b734ddea1e3

SHA1
7d0ee4247a61e7c467c4c201731221c93e905f3f

SHA256
6912e3c8480f8885fb409b23cd028a7426719fec318ccbb8c416be05ad19207f

SHA512
3e9a4a18736fcc21c3e6843ecdb3002a9502f90b8347905e7984657ecc0b350941d4c08cff63f06538a97a81563f0c46da8753908076731fa60c9fbd97fdf086

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44642\select.pyd

Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit