c977ae66e324525a57dd0982d670fce03626aa70b4c57e7aff2ba8eab97e4e75

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Erebus-master/gather/cookies.exe
Size

6.5MB
MD5

887eaff4676116c56d24a8e451a7af13
SHA1

cc0dd8f039dc978fca2618656d4a70c43ae403a7
SHA256

438cf9de347cd3d4254b709f914c421ae23ce6d0ab364054b49a736f6de228f7
SHA512

9caacd1abe34c4a75910ee1bb125ae48ef7ffac3a630a5cd52cb6ec8d719b2a851ec22fc0ad790af0b82d4e0fc1a2fd1dfb4111186e0ae3311e620ba2ed91453
SSDEEP

196608:0cY9VhKd9e+q2WWmQqh+ZZRt5d85EkUtquStb:gVUd9vqZQfeNLj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1968	cookies.exe
1968	cookies.exe
1968	cookies.exe
1968	cookies.exe
1968	cookies.exe
1968	cookies.exe
1968	cookies.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	1968	cookies.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1968	2044	cookies.exe	84
PID 2044 wrote to memory of 1968	2044	cookies.exe	84

C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe
"C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe
  "C:\Users\Admin\AppData\Local\Temp\Erebus-master\gather\cookies.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20442\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\_sqlite3.pyd

Filesize
83KB

MD5
71d8d3b5aa31b0bce21c1557bf2df269

SHA1
4e5b7c44ce996f5e6986d5a1eccb4441fb648590

SHA256
440aae80b5026dc0f2d4ad080079dec960d236063b3eef3a456b8fb0c954825d

SHA512
b4f536197739431e4d3ad922f2a861c72f43972ab279b17788666642a26cd04a5c0af00124ceb858e69004ecf49535f2b6ca4987c280beda08a89d34a8e5b405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\base_library.zip

Filesize
760KB

MD5
360211535ba28975acde38b7b7e513c9

SHA1
9da413c45c9055ed5e635a5e76e78b5cb18c8876

SHA256
ee41c32fa4eb264397e5303e104a74df515463be9d5d55d2b459487fe8944837

SHA512
891b2bbef2e79c3b2d3d747b279ec33afe3c0c89928354cb01dc02f1b41915141b5bb3bf51131cfa251f1d631a9e2568e821e382e860329066119468fb95979a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\cookies.exe.manifest

Filesize
1KB

MD5
6bdfba498750008ba0e5c88d27cf2705

SHA1
7ec69a9dcee8aabc59b4569f5f6994a141975c52

SHA256
29e43ecfadf07f699837d572d966397210ed71875638512ba0019d7d64be340e

SHA512
ddcd84b93e39cef0ad1a86e9749a316c079bd856d509b160cc874e80f1e141830b5ecfa3482b021fb4b6667b8267c3329f3573ec5d197a87b9982277702d01e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\python37.dll

Filesize
3.6MB

MD5
d558d4db5a6bd29a8b60b8aa46e5329a

SHA1
a5036009de7165b1b4721263eae4b240ee689095

SHA256
1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07

SHA512
5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\pywintypes37.dll

Filesize
134KB

MD5
ed2b6bed0b3bdaab7b2a9f86190a6908

SHA1
7a9d658b5d92f1aaa6f717d0092ff89aff956bca

SHA256
8c11ff4d8718138e180615f86af2030fe86d700933fd6314714f7892a94ea1e4

SHA512
0404f418d0f6b6e66a14de1d25340761b80692b93611ac1db5052bbd1043b09606fc75f22b0b64d1367fa3cd1fe2c55fd8fb5064a1bba8a281ff0909108ea0e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\sqlite3.dll

Filesize
1.1MB

MD5
e0faa2ddf1c05dabe10de1c4bfa6f705

SHA1
cc0aefb96654947a2081fe144c0c76438e4b77dc

SHA256
80830fe350e383dfec02b4ce090a14f9e1415e830c5c8fd9a2133e141c33ca5c

SHA512
70b3db39a69ed52135ccb067326daa2b830ac9e7d2107cb5538ebf0b049112eb3e7bef84e025a531554f35e0e43dbb4c84057c33ff1c9af7e8cabb579c117b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\ucrtbase.dll

Filesize
999KB

MD5
b1399c7bcc6ac3806a6b904212faf547

SHA1
bb75cb27c951f7e5d34cc514d598e34e372b18d1

SHA256
476a9bbb93f15181bf5c379be141e0518439dff7bb13b35a98698c85f2f092d9

SHA512
14918a56c6195562e6954395286a18ac4fa61f8768a9060a153a4e0eb698a1d2b2bd75c18303db511b5cb68b2c2677d2442466a5ca8a6484e5318948b8397a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20442\win32\win32crypt.pyd

Filesize
121KB

MD5
ef4b6adb5ccdee5b24c8e8414983919f

SHA1
ae463da1c17c0202297dadc90a106f1ae2ee2529

SHA256
5dd784d541ac560cd8d0523cf6d3a78d954f15f62c507a340da8aa27c2bd70d2

SHA512
a1511b03b1863e01fd5ee7bb784bbb56e9fc56a7351ce3fd8955055ae8baba90fef795eb913ff2ce42ebbe7028d32004adf43e2f3f56cc4e58f5db37fd7e7f9c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads