6e4e40e143cb43db3f05e4d296303da14cd987fc4c98d21fe108e958194563f7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 07:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cd7e025e683ae4b5161993af966f0c81.exe
Size

7.6MB
MD5

cd7e025e683ae4b5161993af966f0c81
SHA1

6b26ed9dd1733917944c8b212df04f4499a32472
SHA256

6e4e40e143cb43db3f05e4d296303da14cd987fc4c98d21fe108e958194563f7
SHA512

cc276ee108d505cea6b4a540bb420aae47266a5b50f9b17b96bd22f378dbaf06e16c4b8af1b4e8a2cf50d59af8fe250787bc7452315f65674d23728fe01623fb
SSDEEP

196608:OGQ9onJ5hrZERMB2WZufOuD9LU/QKyPrkLrEozn+nU0:ZQ9c5hlERo2WmfDZUXIkLQozp

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe
4648	cd7e025e683ae4b5161993af966f0c81.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org
5	api.ipify.org

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4648	4104	cd7e025e683ae4b5161993af966f0c81.exe	90
PID 4104 wrote to memory of 4648	4104	cd7e025e683ae4b5161993af966f0c81.exe	90

C:\Users\Admin\AppData\Local\Temp\cd7e025e683ae4b5161993af966f0c81.exe
"C:\Users\Admin\AppData\Local\Temp\cd7e025e683ae4b5161993af966f0c81.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Users\Admin\AppData\Local\Temp\cd7e025e683ae4b5161993af966f0c81.exe
  "C:\Users\Admin\AppData\Local\Temp\cd7e025e683ae4b5161993af966f0c81.exe"
  2⤵
  - Loads dropped DLL
  PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41042\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_bz2.pyd

Filesize
84KB

MD5
b89b6c064cd8241ae12addb7f376cab2

SHA1
29e86a1df404c442e14344042d39a98dd15425f7

SHA256
0563df6e938b836f817c49e0cf9828cc251b2092a84273152ea5a7c537c03beb

SHA512
f87b1c6d90cfb01316a17ad37f27287d5ef4ff3a0f7fd25303203ea7c7fa1ed12c1aef486dc9bbb8b4d527f37e771b950fa5142b2bac01f52afbfdbf7a77111d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_ctypes.pyd

Filesize
123KB

MD5
4d13a7b3ecc8c7dc96a0424c465d7251

SHA1
0c72f7259ac9108d956aede40b6fcdf3a3943cb5

SHA256
2995ef03e784c68649fa7898979cbb2c1737f691348fae15f325d9fc524df8ed

SHA512
68ff7c421007d63a970269089afb39c949d6cf9f4d56aff7e4e0b88d3c43cfaa352364c5326523386c00727cc36e64274a51b5dbb3a343b16201cf5fc264fec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_hashlib.pyd

Filesize
45KB

MD5
496cde3c381c8e33186354631dfad0f1

SHA1
cbdb280ecb54469fd1987b9eff666d519e20249f

SHA256
f9548e3b71764ac99efb988e4daac249e300eb629c58d2a341b753299180c679

SHA512
f7245eb24f2b6d8bc22f876d6abb90e77db46bf0e5ab367f2e02e4ca936c898a5a14d843235adc5502f6d74715da0b93d86222e8dec592ae41ab59d56432bf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_lzma.pyd

Filesize
158KB

MD5
6e396653552d446c8114e98e5e195d09

SHA1
c1f760617f7f640d6f84074d6d5218d5a338a6ec

SHA256
5ddba137db772b61d4765c45b6156b2ee33a1771ddd52dd55b0ef592535785cf

SHA512
c4bf2c4c51350b9142da3faeadf72f94994e614f9e43e3c2a1675aa128c6e7f1212fd388a71124971648488bb718ca9b66452e5d0d0b840a0979df7146ed7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_queue.pyd

Filesize
27KB

MD5
1707a6aeeb0278ee445e86ee4354c86c

SHA1
50c30823b1dc995a03f5989c774d6541e5eaaef9

SHA256
dd8c39ff48de02f3f74256a61bf3d9d7e411c051dd4205ca51446b909458f0cd

SHA512
404b99b8c70de1d5e6a4f747df44f514a4b6480b6c30b468f35e9e0257fd75c1a480641bc88180f6eb50f0bd96bdcafb65bb25364c0757a6e601090ae5989838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_socket.pyd

Filesize
77KB

MD5
eb974aeda30d7478bb800bb4c5fbc0a2

SHA1
c5b7bc326bd003d42bcf620d657cac3f46f9d566

SHA256
1db7b4f6ae31c4d35ef874eb328f735c96a2457677a3119e9544ee2a79bc1016

SHA512
f9eea3636371ba508d563cf21541a21879ce50a5666e419ecfd74255c8decc3ae5e2ceb4a8f066ae519101dd71a116335a359e3343e8b2ff3884812099ae9b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_sqlite3.pyd

Filesize
85KB

MD5
7f184284e7786226d3b1de5f02338a48

SHA1
b5b8d1a23780dabe32e994a6a7b348fc56f97c43

SHA256
17fb342ecdacb63160576dec824c9f627ed06a6ba58236110620afaeacb45bb5

SHA512
c3794f8e0eacaa98c756bc6f0ab7ee39ccdc228691298c9b5d14ed834ec06f408d86031bcd62cffb02e349706fee8763ca24d39b13cf7a8feefacc25aab9ed46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\_ssl.pyd

Filesize
150KB

MD5
fefbb91866778278460e16e44cfb8151

SHA1
53890f03a999078b70b921b104df198f2f481a7c

SHA256
8a10b301294a35bc3a96a59ca434a628753a13d26de7c7cb51d37cf96c3bdbb5

SHA512
449b5f0c089626db1824ebe405b97a67b073ea7ce22cee72aa3b2490136b3b6218e9f15d71da6fd32fba090255d3a0ba0e77a36c1f8b8bea45f6be95a91e388d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\base_library.zip

Filesize
768KB

MD5
58b909aacf5726be8457cbfe59cc1cb2

SHA1
68033d042ade5fbd77c2bff4043b5695504cdd31

SHA256
f6536c1f1f557a217481a1a9b8f0073ad607c6f3ef43c4ed9d33f44e3d0a7625

SHA512
fac103e6b70543824f298b21100a894c3caa232f46b18e501980599fafffaad728c770712abfbe84b146cc13d48af02231b068d4988db594e9726afb7460f8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\certifi\cacert.pem

Filesize
275KB

MD5
712a0c9e3337edc7f4c6c36a67727866

SHA1
cd0cc7f28f7c8aefea6f54f392c7bd68acacf572

SHA256
53b8854f8fe7fbb5c27c7a5cf08e3a69de641ee1af0d279d95ad9f75b428414a

SHA512
2183f4eaf351e500054039eecabf76df00c1fd66d777ac7cffab841bcbf6a60673d138c550b6e73bc80c5c7a162f399e4a6a62b120841df2902313cb747b14c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libcrypto-1_1.dll

Filesize
671KB

MD5
faa9419b7daa2f2b0987afe2f25e9e92

SHA1
70c96821e12a897fa859d5fbc75e3582c5cd31e5

SHA256
564808a3ead9df0de9758463144c06f82a7dcabe8256289d41b3a5a79ccc9710

SHA512
3501bc16037745699f56cdaefc77413e15dbeaf68a7d86e54cdc67a019ff358c2795385d368f8f217448b25ab860480f22e92376b125d0af842ba0b8c208ed24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libcrypto-1_1.dll

Filesize
576KB

MD5
8ac94691e199a88ed4ba7220c0d24e7a

SHA1
a809fb63337f66c274d1a292c9d3843a05882b2e

SHA256
284156b4bab7658487adc636101cd53b3b7d2fc49104ed288892e9d15b684406

SHA512
33ca1c4ab56143da284c9c6ee52f3b18ca9d7b4fffb719d51f44cb3a7e9ccb914435d4cfd1a039dfdeb502732750a59044ca195ccc8a48bd8fd218da1f790b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libcrypto-1_1.dll

Filesize
681KB

MD5
ede2276c79a00468b5a4794ad596fc53

SHA1
00c177557df486fae59975107d0925c81ff20f66

SHA256
300f13e15c3abd11c962116fd2ce1e9f8852adb718ca3daa6b799596f7cda4f6

SHA512
020ddb21235d929138ac5e39c1dc715954e047fe9b537fe679e1e353b3dec36d6201dbb5f545215a061dfd897a7776e64882d211192ee6db9b3d9490c2582363

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libssl-1_1.dll

Filesize
576KB

MD5
0de045b04c3014d7fd5995547236cf2b

SHA1
f7e8a2f11c16eaca49c2c8261a1d7061fefb4535

SHA256
7d02f643fb6d9a60e8c6031cfb813ced7ba713e8e86637bd7f3d8b96ca2af844

SHA512
6989de8ac08c6c15cfbb3a225a0358afa0843242639886877d6dfec02a4b5e8e6a6a171604fb80be98c5ea1df1d73f170e7c698e28080b5d12582b26ed892cfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\libssl-1_1.dll

Filesize
625KB

MD5
589a1645c438c29a1c56e029b5084a11

SHA1
93732cfcf8ed6384142293fc2011092e90cc4bac

SHA256
36dab6ae75e64017210fe8da3cc51edb8b1558ad3a7e1b9f83495747c55fa1a4

SHA512
bf10a809ace58c9f54be5bf06412f170c96f75c36dbc7aa5f5b5f6292bb70cd46932f44268ce1aa59756189b8d2fa73ec772aced78149f8caf80fd7694ee8849

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\python38.dll

Filesize
1.9MB

MD5
327eed9ef54d9ef8bd2ec31913c1caff

SHA1
64ad78cfb5bff4887a1b6fcb38f6aacd96d0fdd7

SHA256
f27a964c9ae73c24bdfe3584664cb93d31948a954209056a7c707e809cc4763e

SHA512
e9479643cefb2315f9f30e1ef0351d10f16ee3b6f5805bd1b3ea7f2d089b435aef5ff68cbbe8e1979c3fa0f89687a81779c97cb58ee4182d15cc81874913edfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\python38.dll

Filesize
1.2MB

MD5
003aa8f62370cd73da0fa85baffed8f5

SHA1
d7c2bc14badfe9e9e705e4827117772828b12b71

SHA256
dea37c63a5986f80fc9a4c142988440e64e9c9b1d8ac82d3fe92b36a7ce84ba7

SHA512
a8cfc625703524c39e192b14f51950b01c6a60ea58735c1219bb667502c3585a17089c33ef27979765d2b195f088f44d0517801c603400fbc7cf3f9cc7a8aef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\select.pyd

Filesize
26KB

MD5
08b499ae297c5579ba05ea87c31aff5b

SHA1
4a1a9f1bf41c284e9c5a822f7d018f8edc461422

SHA256
940fb90fd78b5be4d72279dcf9c24a8b1fcf73999f39909980b12565a7921281

SHA512
ab26f4f80449aa9cc24e68344fc89aeb25d5ba5aae15aeed59a804216825818edfe31c7fda837a93a6db4068ccfb1cc7e99173a80bd9dda33bfb2d3b5937d7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\sqlite3.dll

Filesize
328KB

MD5
6a283f41a020aa3d7b137eecd8c2ef95

SHA1
ff4352a048460fc8aa15016a629c643d05ec8d65

SHA256
62dcec3d18f4b8d2bd039ebde06045b768871ec8e1e6a82fe10104a4765503b0

SHA512
95d0979d2b6d9a379b232c2293eae652a67fd5cd76e8190d2764b41036c98ff064393ddbf03b45e56f9d07c467c9b41e68246f24abbdf9c02610fb746d185628

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\sqlite3.dll

Filesize
259KB

MD5
7eb03225d0206a75209acce5dfb3ec36

SHA1
4b125e71da433c93dc8bd9fe51e7233074b7a6c7

SHA256
fdd968a51c9c756cbab23c2f3937f63f7ed4c58741f287ab654d8baec67c99f7

SHA512
896bca71e3024df70d8da0a62709db04421059bc51117b5fdadf7fc832f7186472c08c2a8d5bc8955089991ba2c1216b5cae7d83c2a4180a2a51a15147f8470f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41042\unicodedata.pyd

Filesize
1.0MB

MD5
84fb421643cab316ce623aa84395a950

SHA1
4fba083864b3811b8a09644d559186ecb347c387

SHA256
5578c3054f8846be86e686fb73b62b1f931d3ed1a7859b87925a96774371dba4

SHA512
a2132f93b0e4292dc9c32da2a6478769ec4f58be5c36ee2701e2a66154ea1dc2c0684fc7698e7c3ac04f5c1d366cb9633a9366e5a38b7ff7a964ff25ea266f9f

Download Submit