a267a87d74e15c2b281f4268cf1e3d7e5c5586cf856549528e42d9436e04c9b9

Analysis

max time kernel
159s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample1.exe
Size

15.6MB
MD5

6b348a39a04048f52114c2431dab3013
SHA1

f5871c6aad24a5bf6b9124e34720769a707daa35
SHA256

a267a87d74e15c2b281f4268cf1e3d7e5c5586cf856549528e42d9436e04c9b9
SHA512

0b4f6eb3d1a66bae6e791862cb59d6a6d95a2a21f6aed6933dab73be0be2d1e9f9695f164f5f30873e1d985e9f5b8ce820823c0ebc68e845f69cfbedccc7dece
SSDEEP

393216:W+HuMHZKZxlHOFXlABlh2pDOHuHOnoLq0JTt3p:W+O4MByCHQpDdHXq0JR

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 26 IoCs

pid	Process
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe
1748	sample1.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1748	2284	sample1.exe	90
PID 2284 wrote to memory of 1748	2284	sample1.exe	90

C:\Users\Admin\AppData\Local\Temp\sample1.exe
"C:\Users\Admin\AppData\Local\Temp\sample1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Users\Admin\AppData\Local\Temp\sample1.exe
  "C:\Users\Admin\AppData\Local\Temp\sample1.exe"
  2⤵
  - Loads dropped DLL
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22842\PIL\_imaging.cp39-win_amd64.pyd

Filesize
2.5MB

MD5
c48cbb59f64feaf95d6547ab0ddcace0

SHA1
9308ef4083e86e0675512b187b05ff55ab93e0aa

SHA256
53e0ec4ed1f862918c10530029ab7f43e54534eec7991b9bffccfcbed0cc9dd6

SHA512
6343050512ba87bee5b58ec0aa753d376aadb3d27eb69b4da63c174159b2ef8f23863f747e4bc48c85b51d96f3993fe27662dbeaf4e9f9e7047009166befcab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\VCRUNTIME140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_bz2.pyd

Filesize
84KB

MD5
5a8b3602b3560868bd819b10c6343874

SHA1
73a5ce4d07479894f24b776eb387abd33deb83a9

SHA256
00d2f34aee55b473bcc11838469b94a62d01fdf4465e19f7d7388c79132f019e

SHA512
2f2f8305fd8853c479b5d2a442110efc3ad41a3c482cd554ebcc405fcf097e230f5cd45dbfb44050b5bd6fae662ce7cac0583c9784050f0c7d09a678768587db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_ctypes.pyd

Filesize
124KB

MD5
e1ef9f5c77b01c82cf72522ec96b2a11

SHA1
e83daa56a104f6ea6235822c644b6554c3958cfe

SHA256
a79cf8259890d5843cf8eaf29db8dbd4bfabed50f4d859756f93ac2b30617023

SHA512
4231ec5b06effae6497bf62853b79420529cabaee6b58f519c3c30bdd42c925e85979c29c2db0747dcff3f99f3b19dc02ece96347e08cf49eb0abb1e19238c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_decimal.pyd

Filesize
264KB

MD5
77510dba8f87d26741d0a2501d61ad48

SHA1
fff70ddcbb5ddf34419a4196a341bfff52d2d3ee

SHA256
6c5ba4ad0c7b89b83e2a0a2c6cc4927992aa0adc449eea6aacaaff2b55f544f6

SHA512
9b84491bfbb5523b9c73580a8e434ad87a0ccc540fe9d522ee97324c9c20a68d1f45adc712dadd2d3966c4d613ad40b8000a2de4b44a7268020e461d21abf284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_elementtree.pyd

Filesize
172KB

MD5
52589714e30a19b63d847dd6c49ebc1a

SHA1
6d2b74244989ba597f0066ce6819fed4a4987e76

SHA256
6dadd89e56742e40ab24bb32824449a5ce3d3f0280b477af93a67fa59267ec40

SHA512
84f0e41861e5ca5a019ab967239b4175a75c772b923cc7e34f7697738abfc991f37def0580e0c8bc2964293084d80433663e4e24c72cd11f0a5009653db97256

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_hashlib.pyd

Filesize
64KB

MD5
8f7edaff246c46dbf09ab5554b918b37

SHA1
c14c33b14419f5d24fb36e5f1bf1760a9c63228b

SHA256
9154b36c178d84a901edad689a53148451ef3c851a91447a0654f528a620d944

SHA512
1947a1010fa1b07671aa471d5821792dee7f2b0cd1937d3f944cd0201a299e6cb37a41debbbd1bc6e774186f6d08ad6264055cba7652b0d5bd22691431cb360e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_lzma.pyd

Filesize
159KB

MD5
caa58290ab4414e2e22cc0b6ff4b2d29

SHA1
840902aaf7db40da17018776e5c842014c3a81ac

SHA256
185d407bcca7399c458133f2ce1efa938352b8093b2de040c91c3c3088ab173f

SHA512
a82e380ab1676424e52a36c08eabd572375dd36a7fe2b9df51d48c368aed6c04b0b3674bc6a9787efedd0ed70bb1869ed1a2f3a1f4238485710092b9cbadd00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_queue.pyd

Filesize
28KB

MD5
671a9ac9b34f07ada65bf1635e4626c5

SHA1
d4a6e478caaacdbdb52f57d12e16ba96671d30f2

SHA256
3f1fc09b3f0a5c8c7aff4223d002952ab26f462aa390940a9f00454815204739

SHA512
92617258ef747f93ab2c378f5c9a2aac14668d834df15939c1ef83a555490b9ee3380d7341bee60c33057482736a595593749b8794ddeaa9649339363095108c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_socket.pyd

Filesize
78KB

MD5
e71c0c49f7e2bd39cafeed1dca29455b

SHA1
22cb314298c6c38e3246f73dc7277ed00d6b8449

SHA256
3b0ea76a2b0caabf5b8994d3789778575ecbf2831acaf4d53d274e265d271622

SHA512
4c09599c7c93427b30a011cc39738983c79f0835292e5c0e7e19f6329f33810773d0e97e20f4698d22b6d0b8b643521bc3ce318c890366872ed26b6d3dab5c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_sqlite3.pyd

Filesize
87KB

MD5
7be772b2cc298751e229ca9f1cd1ebb0

SHA1
3fc23d5d58e1357f1279b31877fc5cae19d25acd

SHA256
bb77ea00930a9926816e2313deff136d4f8f1827a0794b9c0088fa2474b84680

SHA512
5e22f7c13d59fc3ce427911401970385de50c9e3ff9dfb931c3d99c1ec5a513dd9ef5edb14069a41f2711d10246c81313927a514732d3e25b26271893ec71d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\_ssl.pyd

Filesize
150KB

MD5
39919e97dc418e0099b2a0bb332a8c77

SHA1
f04c9d78b3d5e2a95ea3535c363d8b05d666d39e

SHA256
b38b09bf0421b1f49338ded8021d7bc56be19902d9b21a9b6e9c8df448f93eb2

SHA512
f179ebe84ae065ed63e71f2855b2b69cdedfc8be70dace0eb07c8b191768eace1312562e27e77492481f214f85d31f35c88c2b1f7a3881cee9dffffa7ffc668a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\base_library.zip

Filesize
771KB

MD5
1b6cfa60458f3c729e97df2c4f5ce99e

SHA1
d9cb1d7830ca44e901a00d0b1df25c836a1f1aca

SHA256
bb5cf0a44e7bd20e37dd710e879fa96ca8375e2db6b4fc621a49487d1b54b125

SHA512
b9614e52455ea12a12771c9d6a85afb0a6228a642fe5c967050e659bcb1e758c93e75c7c9c3a8eef7566d39cb92bad56ead44b66b4b39b9e67c1797438dc4c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\libcrypto-1_1.dll

Filesize
3.2MB

MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\libssl-1_1.dll

Filesize
673KB

MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\pyexpat.pyd

Filesize
185KB

MD5
f38c38fa0e17db7935b92cb827cf0356

SHA1
4d58b54307de86d384d246b5577a55db1de96eb5

SHA256
9e481e46a93f74675a0ac6c9565e6b75511f2e5064f764f7f7e2f77680b41378

SHA512
1429b59ac51b1c4d137db7a985a519a9914cd1184af53448cbb6675b62151d428cd05818d811cb8a63ae45d80d302f6eeef28ef7d4723c9a5ae4942f7e424efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\python3.DLL

Filesize
58KB

MD5
c4fa8029ed8439203120d3e774aadc01

SHA1
3ef5714d25ad62efdebb160f3cb93e136dd1f581

SHA256
962dcad9911d6959d7320b2214ade633b53e5555e66d7e82f3bbcc78e2148e0e

SHA512
7429e7463f38767a3627c5a75b16d8856281063fcec42f977d069445ffe56c3edc78142a95047617de5082dc7142858a837596ead5179a8e583545b7754933a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\python39.dll

Filesize
4.3MB

MD5
088904a7f5b53107db42e15827e3af98

SHA1
1768e7fb1685410e188f663f5b259710f597e543

SHA256
3761c232e151e9ceaf6c7d37b68da3df1962e3106e425cc3937d1f60170f3718

SHA512
c5edc25fd9a37673f769af1a1fd540b41e68351bc30b44bc83a1d0d4a8fb078888bbb31173a77ef47698631c9816bc05637b499c20d63e3d65457d9aa4bc2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\pythoncom39.dll

Filesize
543KB

MD5
778867d6c0fff726a86dc079e08c4449

SHA1
45f9b20f4bf27fc3df9fa0d891ca6d37da4add84

SHA256
5dfd4ad6ed4cee8f9eda2e39fe4da2843630089549c47c7adda8a3c74662698a

SHA512
5865cb730aa90c9ac95702396e5c9f32a80ff3a7720e16d64010583387b6dbd76d30426f77ab96ecb0e79d62262e211a4d08eae28109cd21846d51ed4256b8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\pywintypes39.dll

Filesize
137KB

MD5
72511a9c3a320bcdbeff9bedcf21450f

SHA1
7a7af481fecbaf144ae67127e334b88f1a2c1562

SHA256
c06a570b160d5fd8030b8c7ccba64ce8a18413cb4f11be11982756aa4a2b6a80

SHA512
0d1682bb2637834bd8cf1909ca8dbeff0ea0da39687a97b5ef3d699210dc536d5a49a4f5ff9097cabd8eb65d8694e02572ff0fdabd8b186a3c45cd66f23df868

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\select.pyd

Filesize
28KB

MD5
1e74ba085eb08a3affe5f5fabaaa6caf

SHA1
46e3efbd21dc0a2c7650ed949bc7e7e91b37efea

SHA256
36be2a85c1989dc171bde986950b81d3e9cda21f1d1bf2f81f7fe15ffefad511

SHA512
517a109490c3724a630a85471e28ff3c4f96c9810b96f5baa9b66473ef59ed4055e331c8da064a53bc12892fb674f417b3485e96f16015e1437cbd2ca67e87d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\sqlite3.dll

Filesize
1.5MB

MD5
4795be5e45a29f950d498522ada00b18

SHA1
0582ab22ad37750b4a48328127309f21b8a1df4b

SHA256
197cc4d88b062d5aa7a16827c659598bf32caef142e1cd6841ceb054bd461b3e

SHA512
8dbca2d0a891a1802b662194bf5e68a458419acf544251fe4b7c0f08f1a01522dc725bef18fbc05b3e72a7205f8667e79a15d3707a15715ee6993fa7fe017437

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\unicodedata.pyd

Filesize
1.1MB

MD5
06092dbacf3b009ad11376dfc5ed2acd

SHA1
2597d23469d65936fca20906ef41e1f999944210

SHA256
2f9e76a8148029ade3e8f61d014d79a9b1c154cc9b5d6608f50fc478170ff676

SHA512
c782ebb9139a6b358d6e55cca3f018e421747984245fafbd150696b152763f2a6d08a21a0185f49df867dfabf5f066631a55f324abfed4e8bece8f85ead81c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\win32api.pyd

Filesize
131KB

MD5
99a3fc100cd43ad8d4bf9a2975a2192f

SHA1
cf37b7e17e51e7823b82b77c88145312df5b78cc

SHA256
1665ad12ad7cbf44ae63a622e8b97b5fd2ed0a092dfc5db8f09a9b6fdc2d57e7

SHA512
c0a60d5333925ce306ceb2eb38e13c6bae60d2663d70c37ecfc81b7346d12d9346550cb229d7c4f58d04dd182536d799e6eff77996d712fc177b1f5af7f4a4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22842\win32crypt.pyd

Filesize
121KB

MD5
ed2ea8e74fb6f9f0af30daf598a08e82

SHA1
7a5ad8115b5e64f48b8fd2d8f57bd53cb806df32

SHA256
4fc28cf04c25fed159ae8709d7d618a55769bcc05bc7bcebe17e0b1b4332a1a7

SHA512
3cb593e7de17ab22cb2ff152c656673294467ee553cb1176d239af19e90dac211e3ba1f53077b7f7f937bf3dcb31cca18f5fd353477f30a0343a86da764c960e

Download Submit