c977ae66e324525a57dd0982d670fce03626aa70b4c57e7aff2ba8eab97e4e75

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Erebus-master/gather/cookies.exe
Size

6.5MB
MD5

887eaff4676116c56d24a8e451a7af13
SHA1

cc0dd8f039dc978fca2618656d4a70c43ae403a7
SHA256

438cf9de347cd3d4254b709f914c421ae23ce6d0ab364054b49a736f6de228f7
SHA512

9caacd1abe34c4a75910ee1bb125ae48ef7ffac3a630a5cd52cb6ec8d719b2a851ec22fc0ad790af0b82d4e0fc1a2fd1dfb4111186e0ae3311e620ba2ed91453
SSDEEP

196608:0cY9VhKd9e+q2WWmQqh+ZZRt5d85EkUtquStb:gVUd9vqZQfeNLj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 25 IoCs

Processes:

cookies.exe

pid	Process
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe
2924	cookies.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

cookies.exe

description	pid	Process
Token: 35	2924	cookies.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cookies.exe

description	pid	Process	procid_target
PID 2132 wrote to memory of 2924	2132	cookies.exe	31
PID 2132 wrote to memory of 2924	2132	cookies.exe	31
PID 2132 wrote to memory of 2924	2132	cookies.exe	31

C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe
"C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe
  "C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI21322\_sqlite3.pyd

Filesize
83KB

MD5
71d8d3b5aa31b0bce21c1557bf2df269

SHA1
4e5b7c44ce996f5e6986d5a1eccb4441fb648590

SHA256
440aae80b5026dc0f2d4ad080079dec960d236063b3eef3a456b8fb0c954825d

SHA512
b4f536197739431e4d3ad922f2a861c72f43972ab279b17788666642a26cd04a5c0af00124ceb858e69004ecf49535f2b6ca4987c280beda08a89d34a8e5b405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
b402ed77d6f31d825bda175dbc0c4f92

SHA1
1f2a4b8753b3aae225feac5487cc0011b73c0eb7

SHA256
6ed17fb3ca5156b39fbc1ef7d1eefa95e739857607de4cd8d41cecfcd1350705

SHA512
ec04013139f3fd9dbf22b92121d82b2eb97e136f8619790cde2d0b660280e838962f9006d3e4c3a359627b017f2b6ade7edff3bbc26e559c3de37540585602d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
3d872be898581f00d0310d7ab9abaf2b

SHA1
420e0ab98bb748723130de414f0ffed117ef3f7e

SHA256
4de821884cbef4182b29d8c33cfe13e43e130ad58ee1281679e8d40a2edcb8ea

SHA512
35cfb9888a5f4299403a0d9c57f0ba79e3625431a9acc5e04ae2ae101b3dc521a0dcff5d4a1bf508b25dbf05dd432f6987d860ff494d15538ed95673a8b7376b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\base_library.zip

Filesize
760KB

MD5
360211535ba28975acde38b7b7e513c9

SHA1
9da413c45c9055ed5e635a5e76e78b5cb18c8876

SHA256
ee41c32fa4eb264397e5303e104a74df515463be9d5d55d2b459487fe8944837

SHA512
891b2bbef2e79c3b2d3d747b279ec33afe3c0c89928354cb01dc02f1b41915141b5bb3bf51131cfa251f1d631a9e2568e821e382e860329066119468fb95979a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\cookies.exe.manifest

Filesize
1KB

MD5
6bdfba498750008ba0e5c88d27cf2705

SHA1
7ec69a9dcee8aabc59b4569f5f6994a141975c52

SHA256
29e43ecfadf07f699837d572d966397210ed71875638512ba0019d7d64be340e

SHA512
ddcd84b93e39cef0ad1a86e9749a316c079bd856d509b160cc874e80f1e141830b5ecfa3482b021fb4b6667b8267c3329f3573ec5d197a87b9982277702d01e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\python37.dll

Filesize
3.6MB

MD5
d558d4db5a6bd29a8b60b8aa46e5329a

SHA1
a5036009de7165b1b4721263eae4b240ee689095

SHA256
1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07

SHA512
5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\pywintypes37.dll

Filesize
134KB

MD5
ed2b6bed0b3bdaab7b2a9f86190a6908

SHA1
7a9d658b5d92f1aaa6f717d0092ff89aff956bca

SHA256
8c11ff4d8718138e180615f86af2030fe86d700933fd6314714f7892a94ea1e4

SHA512
0404f418d0f6b6e66a14de1d25340761b80692b93611ac1db5052bbd1043b09606fc75f22b0b64d1367fa3cd1fe2c55fd8fb5064a1bba8a281ff0909108ea0e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21322\ucrtbase.dll

Filesize
999KB

MD5
b1399c7bcc6ac3806a6b904212faf547

SHA1
bb75cb27c951f7e5d34cc514d598e34e372b18d1

SHA256
476a9bbb93f15181bf5c379be141e0518439dff7bb13b35a98698c85f2f092d9

SHA512
14918a56c6195562e6954395286a18ac4fa61f8768a9060a153a4e0eb698a1d2b2bd75c18303db511b5cb68b2c2677d2442466a5ca8a6484e5318948b8397a75

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
9d8413744097196f92327f632a85acee

SHA1
dfc07f5e5a0634dd1f15fdc9ff9731748fbff919

SHA256
6878d8168d5cc159efe58f14e5ba10310d99b53ab8495521e54c966994dac50b

SHA512
a8f6e9ee1c5d65f68b8b20d406d3e666c186e15cb3b92575257b5637fe7dd5ac7d75e9ad51c839ba4490512f68f6b48822fc9edd316dd7625d3627d3b975fb2a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
361c6bcfcea263749419b0fbed7a0ce8

SHA1
03db13108ce9d5fc01cecf3199619ffbccbd855a

SHA256
b74aefd6fa638be3f415165c8109121a2093597421101abc312ee7ffa1130278

SHA512
aa8b585000cc65f9841b938e4523d91d8f6db650e0b4bb11efd740c27309bf81cdb77f05d0beda2489bf26f4fbc6d02c93ce3b64946502e2c044eea89696cc76

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
6c180c8de3ecf27de7a5812ff055737e

SHA1
3aad20b71bb374bb2c5f7431a1b75b60956a01fd

SHA256
630466fd77ac7009c947a8370a0d0c20652169824c54ddcb8c05e8df45e23197

SHA512
e4aa79eb2b6b3be9b545e8cb8b43cd6052036dc5cce7077be40441b9942931b30d76c475d550a178d4e94c9c366cabc852f500e482b7fdcd361fc2a08e41c00e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
84a950e3c162d67f98516bb1744139e0

SHA1
05ff2fe60c5748c33ba8605aaf609b3bdfe2772f

SHA256
91f4db05c69c58ecb2493e30acc5297043c41b1ce6db50cee4e2922cd4bcd7f2

SHA512
7328c6a512d450f2538efeabf3f467489a898ed7c1d45c1952b98d118d898083510c9849182bc425411a408c113a351a28b41bedeb5b8de61427144b3fa87c80

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
d749afffa2b3be4b2a9edac50c20b28b

SHA1
972253ed12c344b85290f7b3d5f9608a7f7b0670

SHA256
e64fbac3491b4693e79a3f7b0db1d788f93608d3fc82133edf25a868c80d2153

SHA512
4447b6960a6c178f7c37dbd38e9aec24ba5a0c58e19afcfaa2b70dca7d7bbe87ad7aa1ac9d48ab9b56b1f375768d4c4cb28d5afcf714102f9757faa2b3e728d9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-environment-l1-1-0.dll

Filesize
19KB

MD5
7a2874fe036f7dc86ed5f712adaa38e6

SHA1
440f2dc5379ceee35d29571c195dc7a76e8b70e7

SHA256
dd054e4de84144c2130fa8d28d563252a7c4089a58872e49d63bc43c9a1a3cb8

SHA512
d20811025f714b5fd3754d607422f4fb5cd6c456ffceef139edcb0cfaacd9b63a694ce2ea737db78385f0b23ddcfc283282a319b79e7a0e4bd50034e87aacb9a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
73e14d927d075ca273b3237116351e8f

SHA1
0c15cea3c83c7f7e692dc6f8bd856b615c727d49

SHA256
966a7f15bfb2e0ff7888d583638ebd675d8f46b264194cf332f78140b7c129e1

SHA512
664f72d7adf48f8499321f8a5df952c6043532aae09bae9ffbd59da77b161cd43211a3aaef1ba85529dfe00498d1ac3a933a7c9cf437095c6a337c9bc0816b3f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
01370c79ebabd534e7b58d35072d2866

SHA1
8cd0cd21ff838a2a314246def4bd858bab184a5d

SHA256
742bb9bf4c232f84ad8008af4af8eda7a1ec3eb76f05d9d7ebb95f6a5cabd2d8

SHA512
b07d9634ac804b476d61b6a0fc87894947e88744cc3eecf7d68ede3714acd938fae14452e43f9110919b8f8f9f5d4222e9de2ca97a915dd07b3231d674729761

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-locale-l1-1-0.dll

Filesize
19KB

MD5
bacb72fa56de18d5ac63e4a0a3fe768f

SHA1
7db19efe649d30337781afd62616c0549255046e

SHA256
25905676b543c4f05e9dae135f929c03a57686a6941ce59be2b3450521feb943

SHA512
78d82962c11e5928e77c5bd0377ecb6b00c2eca242d637f76e68fbf907bce7381f3a5294100d055c30f6e2aee164db0b95dcf0c0c77e39edcec4a046cfc63ed4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
85893a96a568ba9781f50f876ed303cd

SHA1
fb7473bc5b1e88e978b7e5664b45d69770c8f4fa

SHA256
08e34f12de24e89379a0533f21a23ce6fecbea05d4062796d4ffd4adc3012316

SHA512
864fa39423b8ca9c43fa177aca1484ec2ffae4868a434e7a8016efe88f396b67fb8ca3766f611de7218e9983653a8b7b88b07c2591b252dd93a0d9638980e7ff

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
9ee275466394a2088d7dfbbc0c716671

SHA1
4d2f94674587251c60805889395ab7377e8c5e17

SHA256
c68a61c260454c0aeb051ddb2bed52cbca44b96d50046017cbc351b41f225dc0

SHA512
996212d07b0b6e55f54e17d6a053f017b1fd00f50906db9de25b8ae5632eeac9c197e91db1c293e7abf0e8b823937cb18e26f43e166f76c02a6914c9776a72b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
23KB

MD5
55b80c522731ecb92914bf9cded028c2

SHA1
424c61bc659caf04281959ede1b1f03b703934ed

SHA256
4c787ff8d40bb803e75fe6218fec36a672cfa6cfc7f6e80e68a7eb0b77a10e5a

SHA512
3779b530c7dba624369cb0f5d15154d89547adc3c4c7cc0571f1e8326588165098b9b5768d0052ecf1ea4f2dc84ae7dcf4712e3bc9ebdadb5fca4b0f4de43812

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
4614d03a94d46c0e9d1c5d96a3fe1d78

SHA1
cacb73ca3c7e31a4b8f749854060b7a422497050

SHA256
c7919be431ce2fa1906ff9eeb19e4cb19a30a4680107ef8737ce894654b21a5a

SHA512
4f30e8c5893662d7889a049c206b08559ad1a34eb7927be313086d6dae40dca3571de3852dba2ad9324e028fa86e8a391a58ec48ba5dbd5c4a88660ffe8b30df

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
7a2799f4bc45505e7104e06dc8e254f8

SHA1
323bc35e0101b351a4abde1fce698520832518a8

SHA256
92f72f495a6897f7d7cf2c2064b2b65f6b4fbd4f30911a534a5cd0de73395ebe

SHA512
2627da183779f17fcc9709a6da2e2916a296f61124adb9bf563c80d723ada9b769806cab8fbc4ed916f54fd4cde18f25e7ad53ed6c75e7e61fdef37c2f1ec9b2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
38b633f132f8e2b3abc268537fa415ec

SHA1
ccccb8c3e31dce7b6b952022d245c11ff3ae8122

SHA256
46cb7b3a9f8aac5adcdbe23494e458f3195adf4b8ed1c71f2d934ddde651e57e

SHA512
23bd77d61c20b1af7f13b5bcbeb9fa74ee807f809bb3d4dd40c7709ca4870078fa6e8e94eefc83a725c0245c0ce02e3adbd4f370d6b986f0c9442ccbc2c2ab96

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-crt-utility-l1-1-0.dll

Filesize
19KB

MD5
5cde35104a68606913af6e5bd3b1adea

SHA1
f1f28141585c000753ab4db9ffc61f90929d4a1a

SHA256
111f6dd2e7247071a33d75bf98d521a8d09c4071f90483a82e6ed9af69bb52c4

SHA512
caa5f80ac380a6e0242104f297fbfe6091260d743ef967fb1010720dbcba2a575baf8cb1f666b11fe780428d71a04767e2cc63d1bd9638d5f1af1063e3f43f91

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\sqlite3.dll

Filesize
1.1MB

MD5
e0faa2ddf1c05dabe10de1c4bfa6f705

SHA1
cc0aefb96654947a2081fe144c0c76438e4b77dc

SHA256
80830fe350e383dfec02b4ce090a14f9e1415e830c5c8fd9a2133e141c33ca5c

SHA512
70b3db39a69ed52135ccb067326daa2b830ac9e7d2107cb5538ebf0b049112eb3e7bef84e025a531554f35e0e43dbb4c84057c33ff1c9af7e8cabb579c117b2c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI21322\win32\win32crypt.pyd

Filesize
121KB

MD5
ef4b6adb5ccdee5b24c8e8414983919f

SHA1
ae463da1c17c0202297dadc90a106f1ae2ee2529

SHA256
5dd784d541ac560cd8d0523cf6d3a78d954f15f62c507a340da8aa27c2bd70d2

SHA512
a1511b03b1863e01fd5ee7bb784bbb56e9fc56a7351ce3fd8955055ae8baba90fef795eb913ff2ce42ebbe7028d32004adf43e2f3f56cc4e58f5db37fd7e7f9c

Download Submit