Overview

overview

10

Static

static

3848e61897...b4.exe

windows7_x64

10

3848e61897...b4.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    39s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-06-2022 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3848e61897e3fbc185353a109e0de82164d50a00e1c793290ad7cfd53a9807b4.exe

  • Size

    762KB

  • MD5

    1c4dbd755e7ba59d2a4ce457f09f755b

  • SHA1

    80b81ba84a6a507c241f5a99e34153fab47d3f0b

  • SHA256

    3848e61897e3fbc185353a109e0de82164d50a00e1c793290ad7cfd53a9807b4

  • SHA512

    55a509c9a3be54093b13409da0f7720932e5eb9fab3d6322bcdef0755584aff10224bc98b4ae3db68261900e9a56359416cc0cffde429c0d0cf09fdccd07c90d

Score
10/10
isrstealerstealertrojan

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    trojanstealerisrstealer
  • ISR Stealer Payload 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3848e61897e3fbc185353a109e0de82164d50a00e1c793290ad7cfd53a9807b4.exe
    "C:\Users\Admin\AppData\Local\Temp\3848e61897e3fbc185353a109e0de82164d50a00e1c793290ad7cfd53a9807b4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe"
      2⤵
        PID:752
      • C:\Users\Admin\AppData\Local\Temp\svhost.exe
        "C:\Users\Admin\AppData\Local\Temp\svhost.exe"
        2⤵
        • Executes dropped EXE
        PID:1828

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\svhost.exe
      Filesize

      1.6MB

      MD5

      32827e69b293b99013bbbe37d029245d

      SHA1

      bc9f80a38f09354d71467a05b0c5a82c3f7dac53

      SHA256

      9250b89157770e3ab59a2c7e2dd6b12b3c61d9b7c6620c3b4727e4bfff10f01f

      SHA512

      58c9a072e2bea0a8f22b4e69512abafad271ca91f2e3d2b4233796dd3d83021aad1c6da69fc8f7e7ca7919d34bde941cb8b5d185b668168866d1180558b93cf5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\svhost.exe
      Filesize

      1.6MB

      MD5

      32827e69b293b99013bbbe37d029245d

      SHA1

      bc9f80a38f09354d71467a05b0c5a82c3f7dac53

      SHA256

      9250b89157770e3ab59a2c7e2dd6b12b3c61d9b7c6620c3b4727e4bfff10f01f

      SHA512

      58c9a072e2bea0a8f22b4e69512abafad271ca91f2e3d2b4233796dd3d83021aad1c6da69fc8f7e7ca7919d34bde941cb8b5d185b668168866d1180558b93cf5

      Download Submit

    • memory/1472-54-0x0000000074F21000-0x0000000074F23000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1472-55-0x0000000074290000-0x000000007483B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1472-68-0x0000000074290000-0x000000007483B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1828-58-0x0000000000080000-0x00000000000C2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1828-59-0x0000000000080000-0x00000000000C2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1828-61-0x0000000000080000-0x00000000000C2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1828-66-0x0000000000080000-0x00000000000C2000-memory.dmp

      Filesize

      264KB

      Download