Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-01-2024 03:07

General

  • Target

    3bba813ba5e9e0e41e16ca35b3f1931c.exe

  • Size

    6.5MB

  • MD5

    3bba813ba5e9e0e41e16ca35b3f1931c

  • SHA1

    4f6fb92c527e7fa05a08e20192951ff5edca250d

  • SHA256

    2716768423878309c0796b0de66fb9ae63d78ef0a043e69d3708832be04b4c26

  • SHA512

    dc8ab81f60387dcdc5d737e57fa1df2615308c3749c8d53199ef6a5e702b2eade0a1513deb63f490bee48970b964d5223b08929f05754450e06074e69ddc14aa

  • SSDEEP

    196608:78JPmCsXDjDyf6L2WliXYrHW1LShKSapR:sPmCEDVL2ciIrHWRShKp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (13 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials and similar secrets.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe
    "C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe
      "C:\Users\Admin\AppData\Local\Temp\3bba813ba5e9e0e41e16ca35b3f1931c.exe"
      2⤵
      • Loads dropped DLL
      PID:1708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\VCRUNTIME140.dll

    Filesize

    94KB

    MD5

    18049f6811fc0f94547189a9e104f5d2

    SHA1

    dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

    SHA256

    c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

    SHA512

    38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\_ctypes.pyd

    Filesize

    124KB

    MD5

    7322f8245b5c8551d67c337c0dc247c9

    SHA1

    5f4cb918133daa86631211ae7fa65f26c23fcc98

    SHA256

    4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

    SHA512

    52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\_hashlib.pyd

    Filesize

    64KB

    MD5

    88e2bf0a590791891fb5125ffcf5a318

    SHA1

    39f96abbabf3fdd46844ba5190d2043fb8388696

    SHA256

    e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

    SHA512

    7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\_socket.pyd

    Filesize

    78KB

    MD5

    478abd499eefeba3e50cfc4ff50ec49d

    SHA1

    fe1aae16b411a9c349b0ac1e490236d4d55b95b2

    SHA256

    fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

    SHA512

    475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\_ssl.pyd

    Filesize

    151KB

    MD5

    cf7886b3ac590d2ea1a6efe4ee47dc20

    SHA1

    8157a0c614360162588f698a2b0a4efe321ea427

    SHA256

    3d183c1b3a24d634387cce3835f58b8e1322bf96ab03f9fe9f02658fb17d1f8c

    SHA512

    b171f7d683621fdab5989bfed20c3f6479037035f334ea9a19feb1184f46976095a7666170a06f1258c6ddf2c1f8bdb4e31cbfd33d3b8fa4b330f097d1c09d81

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\_ssl.pyd

    Filesize

    92KB

    MD5

    5d7daadf527029fa00dbb7a0d31a8118

    SHA1

    5994df7d653c6c54d0de9e4f218aff3bbae0fbb9

    SHA256

    ff753f99c98ae8d21a72780735041563f54a0d7863c09a598b76601bb7bda03c

    SHA512

    dd59a3219c714ec574814cecd9afd1a6fc2d58332d6a21e01f5c23b0045917e3b277e9afb3c6090f508e12cc9f94e589a74ac5f96e734907bebb96e226dec29b

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\base_library.zip

    Filesize

    763KB

    MD5

    c6b38adf85add9f9a7ea0b67eea508b4

    SHA1

    23a398ffdae6047d9777919f7b6200dd2a132887

    SHA256

    77479f65578cf9710981255a3ad5495d45f8367b2f43c2f0680fce0fed0e90fb

    SHA512

    d6abc793a7b6cc6138b50305a8c1cad10fa1628ca01a2284d82222db9bd1569959b05bdf4581d433ff227438131e43eec98bf265e746b17e76b1c9e9e21d447d

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\libcrypto-1_1.dll

    Filesize

    381KB

    MD5

    d1338c17c4c17bd95f6b95002f119357

    SHA1

    560a21b32ade7ab5c5691a4ce47ab313ec2f78d1

    SHA256

    a8282062fd3b5221d8ae1e3ad70f94743cf2e4c00f13b862e984dee33ed48d47

    SHA512

    527ef8f67ac20bdd128e65571e2b7e81d7b33d20abebbe180895ae63e8f0744d2c1d3577c3e37ad2c32a5acf2b664411b3425e8ae43dc72a97e426e77c5fbc4d

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\libffi-7.dll

    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\libssl-1_1.dll

    Filesize

    92KB

    MD5

    c2bdd661f566f94d099ca541ddfd9624

    SHA1

    b5940c09f2f9eb4e88a916cf81f4f3f94c53d876

    SHA256

    dcae322b4df573681359c0b830f510fc28a4214f6e46e1c8551c45043b6b9261

    SHA512

    1705716fabc10cb45dbd2a7756e3ee7883681db4d3e4018d6eb1b2c1c320e87788552074686195cdd5b34725d4339684cafe273c404a2aaa64933d0e9fe01d23

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\python39.dll

    Filesize

    3.0MB

    MD5

    883f8245bcbeb4600877a849321aee9b

    SHA1

    02c2e7fdf626ccdf0935e0f60651176446b7f522

    SHA256

    7e72669a13f9d57b528624a52f923cd3bc2ece2cbf843b00f3689173ffce7839

    SHA512

    971be438c999a7356f9fa2c9d3b0ab5776b0b6297571ed9a93f1965f481aef08bc4e7e820e7f05255c4a525b1959426ba013cb0d409540a7562c0e5b1f6056d2

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\python39.dll

    Filesize

    2.1MB

    MD5

    b683da4b984cf8481abcc2d2ed9f7470

    SHA1

    594c3e7a3a0458996ec91de9e498c3fa7a2ab08a

    SHA256

    8ca67b333250880af29657acbe298b05c5af4e5cc2f70b82facc10ad0f2c68e7

    SHA512

    f601733fa7f0cf7029aec8e5b770118d3c8e130929d342bbe313baf84dc433ffe1b3a444824fc4be1ce249ecc2cd16742216b85c51387c984d9f67bc7baa3bcb

  • C:\Users\Admin\AppData\Local\Temp\_MEI27322\select.pyd

    Filesize

    28KB

    MD5

    fed3dae56f7c9ea35d2e896fede29581

    SHA1

    ae5b2ef114138c4d8a6479d6441967c170c5aa23

    SHA256

    d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

    SHA512

    3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff