40657557e6c69e35866b3dc5efdb25911e5d41aa6d0466309d722127769a175b

Analysis

max time kernel
118s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e73d3001cba0c172ee2a2bbddcc3059.exe
Size

8.9MB
MD5

4e73d3001cba0c172ee2a2bbddcc3059
SHA1

c92b1214fa42937846ba2ee1663bd0f31a1ab818
SHA256

40657557e6c69e35866b3dc5efdb25911e5d41aa6d0466309d722127769a175b
SHA512

329fae8f92660a379f27e11aebdd604516d87a3a9ca200efb9f9c85b13c7774e1aa9d703fa923dd975fb1c00ac275ee310be790730d0b4e939d165f9289032a4
SSDEEP

196608:m0tn/RNrlHAjoG+IY9onJ5hrZER9B2WZufOuD9Lr/QKyyHwOGCTb8ZM0h:JNZxlHOFY9c5hlERf2WmfDZrXDHwv6jM

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe
4016	4e73d3001cba0c172ee2a2bbddcc3059.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 4016	640	4e73d3001cba0c172ee2a2bbddcc3059.exe	87
PID 640 wrote to memory of 4016	640	4e73d3001cba0c172ee2a2bbddcc3059.exe	87

C:\Users\Admin\AppData\Local\Temp\4e73d3001cba0c172ee2a2bbddcc3059.exe
"C:\Users\Admin\AppData\Local\Temp\4e73d3001cba0c172ee2a2bbddcc3059.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Users\Admin\AppData\Local\Temp\4e73d3001cba0c172ee2a2bbddcc3059.exe
  "C:\Users\Admin\AppData\Local\Temp\4e73d3001cba0c172ee2a2bbddcc3059.exe"
  2⤵
  - Loads dropped DLL
  PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI6402\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_ctypes.pyd

Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_socket.pyd

Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\_sqlite3.pyd

Filesize
85KB

MD5
7f184284e7786226d3b1de5f02338a48

SHA1
b5b8d1a23780dabe32e994a6a7b348fc56f97c43

SHA256
17fb342ecdacb63160576dec824c9f627ed06a6ba58236110620afaeacb45bb5

SHA512
c3794f8e0eacaa98c756bc6f0ab7ee39ccdc228691298c9b5d14ed834ec06f408d86031bcd62cffb02e349706fee8763ca24d39b13cf7a8feefacc25aab9ed46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\base_library.zip

Filesize
759KB

MD5
df8b8c969ff2b6f8bb7366501364edea

SHA1
abe794715ba88790786c171625db7547f6f7dbac

SHA256
6cb8ff9586c8511e415b08fb2ea329c66eb4e19c345a951b29781f8bf6de3b08

SHA512
80415fce07ddc2bd4ccad95b9d4899ee7745a5f001880e72f8eee80eca884ed432a9dcbf1301cf193e09f89d74393469cdd7e2d5eca89b77e40b98323cbf5a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\python3.dll

Filesize
57KB

MD5
6c3e8a99ec9f235075a349b6bae9f5c5

SHA1
82233e99b5ace28889671b8ce0ab7e88ef1aee1f

SHA256
5039f5b1e44f14a6f3939e17eeda56818ca0cecacfdf978f903a349abbcea23b

SHA512
c37716f63f70e68ef875a6dbeb668d9289b921ed530aa59429e7e3321ac45a507ceec1f2ef5af7840052bec76dc1b638e277b04328b4aa51ac1fb4aaffee9554

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\python38.dll

Filesize
143KB

MD5
df38dfd539bc143559af0d8002a63b07

SHA1
b42453363edb315ec4a99f2134a6b258c15448c6

SHA256
2d1e20e72b54b01b8ddd87bbc7cc529e3d5833cf1a1bda391afd60603648c03b

SHA512
f0f0c0f6d5ff36954189029c52ecfb5b255f3c66eaa7cea7e167547e02ca1ba186f719795098fda78e844682558cc8fea8a7f0e01d75f5a0fcdd16e25488d5a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\python38.dll

Filesize
1.9MB

MD5
714a987f1df863f85bc4b7171d72611c

SHA1
3b1e0e3563e082c910d930f9275ac9011f5567a0

SHA256
5619613c20dceefa74e47121d2eb04d03cefc2f8bd88a9f363589b8502304673

SHA512
df7409ed404dd5411b7457a3bcc48aaf05c8876fa35a71dd6ca0a609e4f8743db865d2a4f6d845cf657597e2317817235bbef39e56b6334b572dbec150c2a746

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI6402\select.pyd

Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit