bc44df57d0c237731ad110b4517351fc66fc20405adb36a20988a8e15de87407

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.exe
Size

11.3MB
MD5

de093ddf09fc55f42388c675380858c7
SHA1

a6167902b450841d5b50b43e9679fb00a85afafc
SHA256

bc44df57d0c237731ad110b4517351fc66fc20405adb36a20988a8e15de87407
SHA512

5035522a9dab568c5d83542c7a73cc7923d0804bde96c3e0e0f4f04c051ae2e94b34be482f31587561c2228304d560ce1cc5206b6aa6f3aa8a4d6e9d274ebc31
SSDEEP

196608:dc6n04UnZKSbl/HFVLgAnjNMJSon6F1W903eV4QJXMToEuGxgh858F0ibfUxgABs:i4UnTBfFZNRwSo67W+eGQJXMTozGxu8F

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 18 IoCs

pid	Process
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe
1856	test.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	discord.com
10	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
8	api.ipify.org
7	api.ipify.org

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 1856	3200	test.exe	84
PID 3200 wrote to memory of 1856	3200	test.exe	84

C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Users\Admin\AppData\Local\Temp\test.exe
  "C:\Users\Admin\AppData\Local\Temp\test.exe"
  2⤵
  - Loads dropped DLL
  PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI32002\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_brotli.cp312-win_amd64.pyd

Filesize
802KB

MD5
9ad5bb6f92ee2cfd29dde8dd4da99eb7

SHA1
30a8309938c501b336fd3947de46c03f1bb19dc8

SHA256
788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8

SHA512
a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_bz2.pyd

Filesize
82KB

MD5
90f58f625a6655f80c35532a087a0319

SHA1
d4a7834201bd796dc786b0eb923f8ec5d60f719b

SHA256
bd8621fcc901fa1de3961d93184f61ea71068c436794af2a4449738ccf949946

SHA512
b5bb1ecc195700ad7bea5b025503edd3770b1f845f9beee4b067235c4e63496d6e0b19bdd2a42a1b6591d1131a2dc9f627b2ae8036e294300bb6983ecd644dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_decimal.pyd

Filesize
247KB

MD5
f78f9855d2a7ca940b6be51d68b80bf2

SHA1
fd8af3dbd7b0ea3de2274517c74186cb7cd81a05

SHA256
d4ae192bbd4627fc9487a2c1cd9869d1b461c20cfd338194e87f5cf882bbed12

SHA512
6b68c434a6f8c436d890d3c1229d332bd878e5777c421799f84d79679e998b95d2d4a013b09f50c5de4c6a85fcceb796f3c486e36a10cbac509a0da8d8102b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_hashlib.pyd

Filesize
64KB

MD5
8baeb2bd6e52ba38f445ef71ef43a6b8

SHA1
4132f9cd06343ef8b5b60dc8a62be049aa3270c2

SHA256
6c50c9801a5caf0bb52b384f9a0d5a4aa182ca835f293a39e8999cf6edf2f087

SHA512
804a4e19ea622646cea9e0f8c1e284b7f2d02f3620199fa6930dbdadc654fa137c1e12757f87c3a1a71ceff9244aa2f598ee70d345469ca32a0400563fe3aa65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_lzma.pyd

Filesize
155KB

MD5
cf8de1137f36141afd9ff7c52a3264ee

SHA1
afde95a1d7a545d913387624ef48c60f23cf4a3f

SHA256
22d10e2d6ad3e3ed3c49eb79ab69a81aaa9d16aeca7f948da2fe80877f106c16

SHA512
821985ff5bc421bd16b2fa5f77f1f4bf8472d0d1564bc5768e4dbe866ec52865a98356bb3ef23a380058acd0a25cd5a40a1e0dae479f15863e48c4482c89a03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_queue.pyd

Filesize
31KB

MD5
5aa4b057ba2331eed6b4b30f4b3e0d52

SHA1
6b9db113c2882743984c3d8b70ec49fc4a136c23

SHA256
d43dca0e00c3c11329b68177e967cf5240495c4786f5afa76ac4f267c3a5cdb9

SHA512
aa5aa3285ea5c177eca055949c5f550dbd2d2699202a29efe2077213cbc95fff2a36d99eecce249ac04d95baf149b3d8c557a67fc39ead3229f0b329e83447b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_socket.pyd

Filesize
81KB

MD5
439b3ad279befa65bb40ecebddd6228b

SHA1
d3ea91ae7cad9e1ebec11c5d0517132bbc14491e

SHA256
24017d664af20ee3b89514539345caac83eca34825fcf066a23e8a4c99f73e6d

SHA512
a335e1963bb21b34b21aef6b0b14ba8908a5343b88f65294618e029e3d4d0143ea978a5fd76d2df13a918ffab1e2d7143f5a1a91a35e0cc1145809b15af273bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\_ssl.pyd

Filesize
173KB

MD5
6774d6fb8b9e7025254148dc32c49f47

SHA1
212e232da95ec8473eb0304cf89a5baf29020137

SHA256
2b6f1b1ac47cb7878b62e8d6bb587052f86ca8145b05a261e855305b9ca3d36c

SHA512
5d9247dce96599160045962af86fc9e5439f66a7e8d15d1d00726ec1b3b49d9dd172d667380d644d05cb18e45a5419c2594b4bcf5a16ea01542ae4d7d9a05c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\base_library.zip

Filesize
831KB

MD5
79eeab70b14c239872192c63e79775b2

SHA1
2d9c7e0c37db50c4f0409434a1e512b98e403905

SHA256
940129aa25b1e9e9ec9ad34ee23d529fbefd37ef1882519858a7994995e9483d

SHA512
8540056c58af8eb7c32e78e0564c406dd370871c064666eee4378fae30f74e40b14f58175ac0c3aa6d1b6bdbac75a1cd037cabd78d735df7671b2529ed1acc7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\certifi\cacert.pem

Filesize
283KB

MD5
302b49c5f476c0ae35571430bb2e4aa0

SHA1
35a7837a3f1b960807bf46b1c95ec22792262846

SHA256
cf9d37fa81407afe11dcc0d70fe602561422aa2344708c324e4504db8c6c5748

SHA512
1345af52984b570b1ff223032575feb36cdfb4f38e75e0bd3b998bc46e9c646f7ac5c583d23a70460219299b9c04875ef672bf5a0d614618731df9b7a5637d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

Filesize
120KB

MD5
bf9a9da1cf3c98346002648c3eae6dcf

SHA1
db16c09fdc1722631a7a9c465bfe173d94eb5d8b

SHA256
4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637

SHA512
7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\libcrypto-3.dll

Filesize
603KB

MD5
424feb4f7966c9bce94426070f9f88bb

SHA1
b0ceca069888f0234c626d5ec59b6aad223a9fa7

SHA256
731d5c4baddeb1d781a2c8da812dc4b3cbe333f3622865828fc2572db60fd779

SHA512
69a1cf2145fe1614c2837d6483cd009e57ac1fa18cd90362278d7f92dc9e8ff291d79c15918671245e5ef25ddf8c7a0a92d149eaef9add089ed19e44a621ea9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\libcrypto-3.dll

Filesize
1.6MB

MD5
93313f0776cbf6b4f63ad12119d37c02

SHA1
4d25307bd786deb918ba1163c11cb1e67c070042

SHA256
e4699a51210c98c289ae785f1481db88ef80cb510b2bc318c27611c8d72733d5

SHA512
07a5a991ddb24e716b1323923bf8897aaaf1a5ac8f28372849c7c80a263e8c1c17dd96a1e38d7e68e1e61301c4159c04a742c1515b0af0c4ea7741cbcd698b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\libcrypto-3.dll

Filesize
1.5MB

MD5
bbbc02bf37189c48ebd42c404c710746

SHA1
57ff0dc0ca4b1337251bd07e3dc475d51c0ac92d

SHA256
7b71ad74b4d5be9d983d04fc5f26927e0123b33566c3ac5c0ce0c614d9ce804f

SHA512
ef92958fb5d985ac086ea896139234e87821f133488b3ffacd91b35b45300fd22cf56b855eef3645c27e103f87702df138d0797d2f58b3bf435ac2d547cdfed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\libssl-3.dll

Filesize
771KB

MD5
bfc834bb2310ddf01be9ad9cff7c2a41

SHA1
fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c

SHA256
41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1

SHA512
6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\libssl-3.dll

Filesize
675KB

MD5
565b6d3fc7638f9f987e9a05464e09f2

SHA1
57c69e12cc571c96ae23048d797a8823d867aa77

SHA256
0ee80a72dc6d86f4950b5741825c3961598549c9c5651043829694e9456ecae9

SHA512
e8a6cfc81cc9c1b0aa18dde4ee7be15f685d5cd2050a84910010127887f81494d9840e8a46aecaaa67f89a540dd0d475162d17d1a69cad1416d1e211676116e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\python3.dll

Filesize
66KB

MD5
4038af0427bce296ca8f3e98591e0723

SHA1
b2975225721959d87996454d049e6d878994cbf2

SHA256
a5bb3eb6fdfd23e0d8b2e4bccd6016290c013389e06daae6cb83964fa69e2a4f

SHA512
db762442c6355512625b36f112eca6923875d10aaf6476d79dc6f6ffc9114e8c7757ac91dbcd1fb00014122bc7f656115160cf5d62fa7fa1ba70bc71346c1ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\python312.dll

Filesize
3.0MB

MD5
530afa767a92f109774f39133b65492c

SHA1
67d762f2088dfff3e912ae15785d778fa8f58e43

SHA256
2639bd21e2d9076caa8e812d269c3eef5e2648e48b56bff5cf3c6cc4aa2e2543

SHA512
0f239180b0486e099c5e345f1713c32526e046d2f0cc621fa19650ada22c44ecb3741ac3c17356ae8e1e5e2e0df9f58bb8da32ccb24807d43b93a918b52f144f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\python312.dll

Filesize
320KB

MD5
7232618178586c463ebded2c048545dc

SHA1
272f826d62698b9173e5197cad0d5773c37e890a

SHA256
39d821b55c869ad25ce54dae97c9078ad4b7b824f0a736a4bbc1b45bf54f0e2e

SHA512
155de2865714e4631270b91457f7309315846653fb2ff6394e5c1306e2302a637364486f5627bdce2c5457ab04d53f592cb2a08b18efe49778bc65b64e744692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\select.pyd

Filesize
29KB

MD5
e1604afe8244e1ce4c316c64ea3aa173

SHA1
99704d2c0fa2687997381b65ff3b1b7194220a73

SHA256
74cca85600e7c17ea6532b54842e26d3cae9181287cdf5a4a3c50af4dab785e5

SHA512
7bf35b1a9da9f1660f238c2959b3693b7d9d2da40cf42c6f9eba2164b73047340d0adff8995049a2fe14e149eba05a5974eee153badd9e8450f961207f0b3d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\unicodedata.pyd

Filesize
808KB

MD5
6a9c6c39c8a8d6d47d05f5bc1e564ec7

SHA1
c6431ccc3b13f3bc47b3a1716f7a22721d23ec2f

SHA256
48af0195ae6b8330e1af95fbf862be560ea60c7290d3aeffadb16ebecd2a66ce

SHA512
7c563342f41159d18d7c8ca72078708832899f43394db339894ccee336761e5eb39e019be9f7519b8fef3a7a35fb7f43de5352d373fb74a9757cfbfe603b32b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32002\unicodedata.pyd

Filesize
1.1MB

MD5
fc47b9e23ddf2c128e3569a622868dbe

SHA1
2814643b70847b496cbda990f6442d8ff4f0cb09

SHA256
2a50d629895a05b10a262acf333e7a4a31db5cb035b70d14d1a4be1c3e27d309

SHA512
7c08683820498fdff5f1703db4ad94ad15f2aa877d044eddc4b54d90e7dc162f48b22828cd577c9bb1b56f7c11f777f9785a9da1867bf8c0f2b6e75dc57c3f53

Download Submit