2db0fa6485f648a47477e5d8bffbb7eda0d4c098bdb87bea4ff92ab4436853ab

Analysis

max time kernel
48s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

exposeme.exe
Size

17.8MB
MD5

77279c9eb90441ed563912b644c59f8d
SHA1

e36fe816d1556fea3cef7a3de98274244d146f8c
SHA256

2db0fa6485f648a47477e5d8bffbb7eda0d4c098bdb87bea4ff92ab4436853ab
SHA512

8e34010ed3783d46777d55db50fc40f6a3404d6637c486f93078826fc8548439979d6a7ed6b56f0386adf4cc3d0cccc15c0da267cf88ba78245a88949dd5377f
SSDEEP

393216:+u7L/Zpszf490ULgtIGb/m3pjYXIn7wmgoJl47sN+9NrG/:+CLTszfm0U0ttbKjY+gy4Z9Nr

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 48 IoCs

Processes:

exposeme.exe

pid	process
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe
2068	exposeme.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

13 discord.com
17 discord.com

flow	ioc
13	discord.com
17	discord.com

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

exposeme.exe

description	pid	process	target process
PID 1336 wrote to memory of 2068	1336	exposeme.exe	exposeme.exe
PID 1336 wrote to memory of 2068	1336	exposeme.exe	exposeme.exe

C:\Users\Admin\AppData\Local\Temp\exposeme.exe
"C:\Users\Admin\AppData\Local\Temp\exposeme.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Users\Admin\AppData\Local\Temp\exposeme.exe
"C:\Users\Admin\AppData\Local\Temp\exposeme.exe"
2⤵
- Loads dropped DLL
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3900,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3988 /prefetch:8
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Cipher\_raw_cbc.pyd
Filesize
12KB

MD5
a1b78a3ce3165e90957880b8724d944f

SHA1
a69f63cc211e671a08daad7a66ed0b05f8736cc7

SHA256
84e071321e378054b6d3b56bbd66699e36554f637a44728b38b96a31199dfa69

SHA512
15847386652cbee378d0ff6aad0a3fe0d0c6c7f1939f764f86c665f3493b4bccaf98d7a29259e94ed197285d9365b9d6e697b010aff3370cf857b8cb4106d7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Cipher\_raw_cfb.pyd
Filesize
13KB

MD5
0dca79c062f2f800132cf1748a8e147f

SHA1
91f525b8ca0c0db245c4d3fa4073541826e8fb89

SHA256
2a63e504c8aa4d291bbd8108f26eecde3dcd9bfba579ae80b777ff6dfec5e922

SHA512
a820299fba1d0952a00db78b92fb7d68d77c427418388cc67e3a37dc87b1895d9ae416cac32b859d11d21a07a8f4cef3bd26ebb06cc39f04ad5e60f8692c659b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Cipher\_raw_ctr.pyd
Filesize
14KB

MD5
785f15dc9e505ed828356d978009ecce

SHA1
830e683b0e539309ecf0f1ed2c7f73dda2011563

SHA256
b2b68de1d7e5997eb0c8a44c9f2eb958de39b53db8d77a51a84f1d1b197b58b1

SHA512
16033b72be6d66ab3a44b0480eb245d853a100d13a1e820eff5b12ce0bb73e17d6e48b3e778d1b20d0c04fe1fb8a5723c02ed8af434ae64d0944f847796d98f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Cipher\_raw_ecb.pyd
Filesize
10KB

MD5
aec314222600ade3d96b6dc33af380a6

SHA1
c6af3edadb09ea3a56048b57237c0a2dca33bee1

SHA256
ea96505b38d27c085544fb129f2b0e00df5020d323d7853e6a6a8645ac785304

SHA512
bbc00aa7fdf178bb6b2d86419c31967f2bc32d157aa7ee3ac308c28d8bf4823c1fafcde6c91651edc05c146e44d7e59e02a76283890652b27c52f509c3b9ef9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Cipher\_raw_ofb.pyd
Filesize
12KB

MD5
4ed6d4b1b100384d13f25dfa3737fb78

SHA1
852a2f76c853db02e65512af35f5b4b4a2346abd

SHA256
084e4b2da2180ad2a2e96e8804a6f2fc37bce6349eb8a5f6b182116b4d04bd82

SHA512
276201a9bcb9f88f4bbac0cd9e3ea2da83e0fb4854b1a0dd63cff2af08af3883be34af6f06ece32fad2fd4271a0a09a3b576f1ed78b8a227d13c04a07eaf0827

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Hash\_BLAKE2s.pyd
Filesize
14KB

MD5
c482fe81df435cddef783ab0d8ad78b6

SHA1
25e0e650f9135110234091d5263be1721b8fe719

SHA256
55e20e1effe80f0d6655d690fa445659e0c692b800c4a01ecf3d43dfcb3324b2

SHA512
ef5a965b8505944e6b37581763cd9d525bbf1b877bfed319535aab675d0382b8655cd6a4f2832f608c1d89cfd0dae6005deda73a86b9d2d6e874953788ee0d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Hash\_SHA1.pyd
Filesize
17KB

MD5
67e8ab67b5db0a50af2aedea886eb362

SHA1
a7d071a3be454b78a0a0bb100e5d9859c12f98e6

SHA256
044b09a6351db40fe1f242c70942d865ce4cd42a12f24e358f84ae790677d92d

SHA512
b2e41422b6642e000d9220a1cf4188b1845a8cf9498338d66ca0dcc0724540694719a4d3eda017ca6f2f77c3d6a6c427c6c86db3910c686cecb58a40c5239e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\Crypto\Util\_strxor.pyd
Filesize
10KB

MD5
5738d83e2a66b6ace4f631a9255f81d9

SHA1
5b6ebb0b82738781732cf7cfd497f5aeb3453de2

SHA256
f2718adadb6e9958081dcb5570ef737c66772c166a6ad8c0401adcd9a70f46a0

SHA512
bb21b62fd7fee22dfa04274d0fa1aec666c7845cd2ec3f01f1a0418a2c68f228ec0ae451c793ccae3aa88f1efee5d6019138c0975497518f990b8511b2fd0e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\VCRUNTIME140.dll
Filesize
98KB

MD5
6ba0dbcd2db8f44243799c891dbd2a59

SHA1
30a2719d4b8667fd237bcfb781660901c993d9fc

SHA256
263988a0868053b6b01835cd2959c8f71e3f943610421b269da646f2d9e3b333

SHA512
94dea85ef50d55cec0d1bbae4671386ce8ca02e870ce417abfef0a8499fdf0bd0eb5ba38debd07c213f7da39cbea63a18143484b05e9c7ca36b2f68e4520bb4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_asyncio.pyd
Filesize
62KB

MD5
efb12f5663a8924b50eab1ea31084f7f

SHA1
c35c635bc566d1180bfa3885aa6a482f3d8724b9

SHA256
75d2d17cf03cf3a4aa9f51c5d71e8a8edc54e5437a5286f30d36f7182bc85e00

SHA512
11ed3c94a545ebc16e615d27329e249906448a748a931ea4b7881cce43ecd36bdedf47a473b27f2e6363f64e366fc65aa078507dfeee8487b7e545e3804b9e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_bz2.pyd
Filesize
84KB

MD5
6909da62abc73216883a89a60b66e73b

SHA1
015eb36344e5f3fe2df467bd47a04bded616b052

SHA256
4c22e0d2786dd7e93f55e1f4a1c27d2e141a55682ed2c09b90320817fcf011f9

SHA512
eddabb51b6092b3c3e3b6968ea831a262f8f5f8a26b1c95badc616ca236d0928aa789334835130ec40137ffc623b5d2031a585e890162b489a26fd990845b63a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_cffi_backend.cp38-win_amd64.pyd
Filesize
177KB

MD5
af96b1d6482552688c6974ad8d4694e1

SHA1
e4e9612ff0cf34d06f71c73b7c31bc89ea6f7b48

SHA256
64b7e32fd6b492f7763d92727a5c23818cc5da3b977b324ca71117aef99dc6c7

SHA512
35ae72614da4cb4eb49851e64a0ef535298c6b96617360f3ce5723832b26f04a1931e48173737b055e7c6fe00f1d788e918489ea5c7775eb9fd0d98216779704

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_ctypes.pyd
Filesize
123KB

MD5
ffde1baacbe6729ad5246068870915a4

SHA1
2d42751140fc244f19dece6b1948b2b67d36bab4

SHA256
cc839990fb1020520731c35a183c83c9dc927aa78fa6b149a92a39e9d156c8b8

SHA512
1ac3ec986c55af37eb93d35a15e8a64726e5154240c0c5aac8286f7e347c678482ec65c62b454cf237023253642335ce6b3f6c0cc084e1527e61d48aaf7752f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_lzma.pyd
Filesize
247KB

MD5
af8385e0cb374ae6caee59190175dd12

SHA1
a16d7d021ec3fa31fb1b2ce5929c2d3d4c96d6b8

SHA256
e414ee3efa6a4e1edf610dd780335ab9372cbe7919a73596bbb267b55ad23999

SHA512
3e4e26bbcf14ebcb4faedb8982c46b3f5318c88dd395c668c50e4f5ddbfe6c1836eb49e49e855cc95934e8247e63df0f7543f66e4fe13335558fc21c0c566b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_overlapped.pyd
Filesize
44KB

MD5
07a111f08b382f456da32873ffe12f15

SHA1
9cc2f4e49698020b0211d837c9d30adcef9f6e72

SHA256
600c131efcb237fa992de26a3b38e472b16f731c9f14fb25c7d730bab27960c3

SHA512
f432fc289d54d8cc581efab8f623929c8d5d8625aa25f9c76bf37f335e928b15121236a3e2724fedf6d7ac55988c63caa365df4a53901109ff6b59f9360654e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_queue.pyd
Filesize
27KB

MD5
1711e365021dae47498f552c1d000d49

SHA1
c0512da577c85c2c1b5822761baf535a7ed3dc2c

SHA256
2b4b4b0b1ea2c6ce8e33c3896e73af029962ffa1a5c7ddb2d0152991214a84b1

SHA512
065a2a94af1079f5e0cfa4807e026c9deb28cf559779e0527ed31b541814280b907094659906fc3ffd3520437c5a37bc0225937abc08b9aac18e3b5215bd5f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_socket.pyd
Filesize
77KB

MD5
fc47a3b4dc7353591970a20678b90a81

SHA1
5ca5436e0c66f468bb48b5ea16c69125fcc34bea

SHA256
4e7ee0ecf839c42d96c53309384737e8f84bb5e90ecd20d511cc3fc6ec135f44

SHA512
8f52f33ce49bc38a9356d46c63aef4f8f05d491377f4969f52fd84f83712faed3d9637044d27583bf06fc52687667b630ba8d2eb8ee27f4a810520df5499b725

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_sqlite3.pyd
Filesize
85KB

MD5
515d66f23287eeaf37215657ec2b5cc0

SHA1
9e949066922436d22d5642aa6299cdb37a21c6ac

SHA256
74fa8048922a3a723e0768e797b709f84ce3e55178152608bb829be1b57a6253

SHA512
7c72b0569ad3c9e26377310e5e88898cc60dc40533fea7e658442758511c730bf34a3cb0154e6490721099649ecb99dd93fb0378ee1d80185ec12a5bda30e343

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\_ssl.pyd
Filesize
150KB

MD5
bb726a022fa65d9db794e280372dbe3e

SHA1
c48e78b37e10a713380040d16145e0ef06050e8e

SHA256
87362816a16c45095ad9ac3dc174509b2a4dd794cd17f56cac356d11c992de12

SHA512
637b78e884b55e6819e64e1b8f57f8399099165b65bf5866f8d03adb1305655b4773096b80666f88c1ff65cdd0c74ee2e0bcfb3258456ddf04c47b597f4f4287

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\base_library.zip
Filesize
1005KB

MD5
e27d354ee3a54e81f42229c3a91f0c1e

SHA1
8ebd15359c3ead223d3163b87036cf9609d34db8

SHA256
13bf601b0b289cbc9a5e13fe6e2875dbfb61d53aab720b04adf23cd20d592868

SHA512
752baffa9a2ec92f550846e68df08dd6d522752784f12dfdcfbdfcd3b1ed647879b2bd3ec0d647806758b3351d02e8a8b9b028c00bcc79035be87b41be41c0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\libcrypto-1_1.dll
Filesize
3.3MB

MD5
4929f390f3b9132af172d38b22bd2a2b

SHA1
19d27dc93c402801b8cb582b3aa27b17d24403d3

SHA256
4c1cbe61f562459baf382d3153b4bfc8a651bfc4ab41c99b3c8c29e19de7fde0

SHA512
2c7f3dfaba9e2844bcfddd3b05897f97ef043cc1cd5576ec0442eb26c9740c4df69a707e28bf5c6a0796e27e8de77ea430626ec822d74e054d081d32aaae7d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\libssl-1_1.dll
Filesize
678KB

MD5
facfcc9c58fe4238c847907689ddf485

SHA1
8382d1666627cd47855bc687615a9cc38eef7361

SHA256
d89a9009e10a2cb2d49771e694cd88f33d69cff0d3c92bc2d8e0b512e0ef9546

SHA512
f5d5f3e59438d6af1bcd22d85982107cc5eaea52c62243d11464a01f37172cb0aed343de68652882234349f1e0671b976fd5b6e77a532a9fa3cda7a0f77718c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\pyexpat.pyd
Filesize
184KB

MD5
9db090f0ec76c0c5c198396104a5b983

SHA1
db5adfbbadef6d06383a7f031beb2784a0093d0a

SHA256
b3e7eeb1f863ebf2a0debe1f8cb5a830370647f5728b90fdb7c03d9f62500cd0

SHA512
059edf754d0dc0282205192483df2ed7a562e04f5bd0cd9695389fe8d79b9780ff325641a77eef4413bd897d804b3f4ab29ef0004db9e8d0ecf50badaa1dbe06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\python3.dll
Filesize
57KB

MD5
56c4af0c9a747adea5e8b2cef937eea9

SHA1
629c6d1e06504b30f267d3443e5b8be77ea3587e

SHA256
1a5ebaa1983c606d8e2b43bd4be754bd2b5314247cf3c1919152804e316ca75c

SHA512
54c37dd649c3f9ff19e577dabea1ae45d10d736cef63c322bd112d74da8a1afb635649e11fc68703737575e7bfce79a6de4470a3a05c0f3ac0221364a1feaded

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\python38.dll
Filesize
4.0MB

MD5
c0ed63bf515d04803906e1b703e9cb86

SHA1
61f9a465d7a782aedfd5e2b1a9dc8bff6c103b5a

SHA256
24bfc999a733d4759ca40425610555f597b1d015f87ef5f84e15c665297247a4

SHA512
78384c34cefc40cb86913dffdc6a360668467731a8a3678d5f8377d8ae63d244b45506b0b6e2498825b53abe8fd84d2b75b3e9fef3703fead90183ace433e70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\pywin32_system32\pythoncom38.dll
Filesize
701KB

MD5
05b45f17290a76568c61c0ffcb445b67

SHA1
c8f39f7d98a29a520f940dafc4d39f1ab0208b0a

SHA256
8056e931df9a8ba6a3d2def3033361be64a6f81eb5ebc99c3afa4484dfd0e8f3

SHA512
80e6e9a7484d6d620a07eed2f8b0adc3190d85f05ae74ba8af111611ec6f394d70a08e8372a51b9dd4ead602c8895f46a91a99c1701e9234f06484d96d3238d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\pywin32_system32\pywintypes38.dll
Filesize
137KB

MD5
b6edd1f02eda832beaf5be3b87354667

SHA1
d7ee654a79a8b49adbce5bcdf31f1038004a7f46

SHA256
95d8327ef84c8563e476c0f16d21e9a045d04a6987afd4260f97ccc856b08926

SHA512
fb99baa053504def4da425829501433cf5b9800707705e09e826eda4334d0481bf15ee05836e1c3fd6966970e02d883a173dd71031097ead38c33f6af0b94338

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\select.pyd
Filesize
26KB

MD5
f4887f1d906dc336fe0c3f7dbb720ca3

SHA1
67def676ad3569029d2a357a40a138fc7570bdcc

SHA256
36552bc64127d4866c657c9b74c0399baad70957a5380896fd8202e3a6bb7b4f

SHA512
51006d164c2512adfab92d22be5fed7c093cb647821045a6cdfd2ed7a30d94e620a446b8434b3e91d5544ef737e1492f3dc6c29cadbfdfa5e41df7fb5106a301

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\sqlite3.dll
Filesize
1.4MB

MD5
aa21b1b8d06846022de18164911ab2d8

SHA1
9091a9aec63adf8df3f820e584c8ffacf64ab8e8

SHA256
1357bab65b0362542bb99b5e1c9b2f76a644005331215b74bd723c2c81780c6e

SHA512
9c0eadf6645b1e4a266469cc32f962fecf667ee0828c21effad01fee0cc8a7f207a1b0716ab25710d0acc410cb24c0d0cd3b095bf5a25e0dc1d78ca6838c9a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13362\win32api.pyd
Filesize
137KB

MD5
938235f10520de4169043b4eb20050c8

SHA1
02ae94126f79f96feaa60c7bfbcffcc540a84892

SHA256
a27f2f515bd5b18725e412cfc0d9fa0fb35ad75c037a6d1a66ad891d032a5744

SHA512
cda79d6e9b0ee7d30ebdb969f56397d01cb43b59e8b86e8f0f04764a5aa6261c691a3bd713ac15ebdf760421588db4fdfcefc019e02cf2df1050c3b6b919baaa

Download Submit
C:\Users\Admin\AppData\Roaming\Loginvault.db
Filesize
56KB

MD5
5be7f6f434724dfcc01e8b2b0e753bbe

SHA1
ef1078290de6b5700ff6e804a79beba16c99ba3e

SHA256
4064b300ca1a67a3086e1adb18001c0017384b8f84ff4c0e693858889cef2196

SHA512
3b470c3ad5be3dd7721548021a818034584bbd88237b1710ce52ac67e04126fff4592c02f5868ebda72f662ec8c5f7fc4d0a458f49fe5eb47e024a5c50935ee2

Download Submit