Overview

overview

10

Static

static

1c41760f68...34.exe

windows7_x64

10

1c41760f68...34.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    83s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    09-03-2022 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe

  • Size

    1.6MB

  • MD5

    f1a70d656879dbdc6c3ce4f4fdfdb555

  • SHA1

    9c9e1f1e03c0ae58cbe5cae2a2cb86847b3af653

  • SHA256

    1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634

  • SHA512

    95f2903f99798903b0802408307345874e126b15b313f249becf87453edc1c3a38001d35c5ce40f0462cb2daf5fabe6a1c77a00b69d19d205c0b721eb32e0679

Score
10/10
pandastealerstealer

Malware Config

Signatures

  • Panda Stealer Payload 3 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe
    "C:\Users\Admin\AppData\Local\Temp\1c41760f68b7a46f7c3a75a202a24ac5e7487fb7ae30db9e95d01c4ca7dee634.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
      2⤵
        PID:3872
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 376
          3⤵
          • Program crash
          PID:2480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3872 -ip 3872
      1⤵
        PID:3172

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/788-130-0x0000000074FA0000-0x0000000075750000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/788-131-0x0000000000020000-0x00000000001C8000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/788-132-0x0000000004BF0000-0x0000000004C8C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/788-133-0x0000000004E10000-0x0000000004E11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/788-134-0x0000000007950000-0x0000000007EF4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/788-135-0x0000000007480000-0x0000000007512000-memory.dmp

        Filesize

        584KB

        Download

      • memory/788-136-0x0000000002430000-0x0000000002452000-memory.dmp

        Filesize

        136KB

        Download

      • memory/3872-138-0x0000000000140000-0x00000000001ED000-memory.dmp

        Filesize

        692KB

        Download

      • memory/3872-141-0x0000000000140000-0x00000000001ED000-memory.dmp

        Filesize

        692KB

        Download

      • memory/3872-144-0x0000000000140000-0x00000000001ED000-memory.dmp

        Filesize

        692KB

        Download