Overview

overview

10

Static

static

5cbe850f67...ab.exe

windows7_x64

10

5cbe850f67...ab.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    09-03-2022 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cbe850f672ab2ba13bef9015eca0712fa071c918b4a435b6486e41f42862aab.exe

  • Size

    1.3MB

  • MD5

    396f2b95ceaa2a0f978b514b7552b2b4

  • SHA1

    b7bc8fc2437026235c0183cfe1f444a72cefc55a

  • SHA256

    5cbe850f672ab2ba13bef9015eca0712fa071c918b4a435b6486e41f42862aab

  • SHA512

    207b36b3282323ac0ccaaf3ebc077ee1d2f0bc7a36f3c0c1dea454af116f56682dfa8aabf04f52704a8f926f1264b7cc9ea9ee4c6555f5c44099db1aadf12562

Score
10/10
pandastealerstealer

Malware Config

Signatures

  • Panda Stealer Payload 4 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cbe850f672ab2ba13bef9015eca0712fa071c918b4a435b6486e41f42862aab.exe
    "C:\Users\Admin\AppData\Local\Temp\5cbe850f672ab2ba13bef9015eca0712fa071c918b4a435b6486e41f42862aab.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Users\Admin\AppData\Local\Temp\5cbe850f672ab2ba13bef9015eca0712fa071c918b4a435b6486e41f42862aab.exe
      "{path}"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 136
        3⤵
        • Program crash
        PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/556-60-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-62-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-64-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-66-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-68-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-70-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/556-72-0x0000000000400000-0x00000000004AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/972-55-0x0000000001090000-0x00000000011DC000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/972-56-0x0000000074950000-0x000000007503E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/972-57-0x0000000004C90000-0x0000000004C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/972-58-0x0000000000220000-0x0000000000234000-memory.dmp

    Filesize

    80KB

    Download

  • memory/972-59-0x0000000008560000-0x000000000865A000-memory.dmp

    Filesize

    1000KB

    Download