Overview

overview

10

Static

static

4e093ee100...ee.exe

windows7-x64

10

4e093ee100...ee.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    170s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe

  • Size

    653KB

  • MD5

    6549791f95f9aef9b36bdc610e164544

  • SHA1

    100124afab447d183bfa86dcab523d9b5e8e0eff

  • SHA256

    4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee

  • SHA512

    2701d24098a89c96808ae23d22581f113abeb15c26c70eb85ecdd859e7ae1a1846f543f5ce7f1a6e066664a228cfe41c273aae9b7470a853fe35f459582131eb

  • SSDEEP

    12288:8yizl10AJba1TfklX/Sns/SF5lwEhTjRUC3so0bJ2OxNJ4xiJ48E:pEJbaZklKs/SrnJjR7sT76iJ

Score
10/10
isrstealerstealertrojan

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    trojanstealerisrstealer
  • ISR Stealer payload 3 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
    "C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
      C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
        C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:668
        • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
          C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
          4⤵
          • Suspicious use of SetThreadContext
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1364
          • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
            C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
            5⤵
            • Suspicious use of SetThreadContext
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1300
            • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
              C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
              6⤵
              • Suspicious use of SetThreadContext
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:940
              • C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
                C:\Users\Admin\AppData\Local\Temp\4e093ee10067fc626d554b03a382c773997cfb438997f4f639a9aaec9e6964ee.exe
                7⤵
                  PID:1880

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/468-55-0x0000000000000000-mapping.dmp

      Download

    • memory/468-57-0x000007FEF3370000-0x000007FEF3D93000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/668-59-0x000007FEF3370000-0x000007FEF3D93000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/668-61-0x0000000002286000-0x00000000022A5000-memory.dmp

      Filesize

      124KB

      Download

    • memory/668-58-0x0000000000000000-mapping.dmp

      Download

    • memory/940-68-0x0000000000000000-mapping.dmp

      Download

    • memory/940-70-0x000007FEF3DA0000-0x000007FEF47C3000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/940-73-0x0000000001FD6000-0x0000000001FF5000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1300-64-0x0000000000000000-mapping.dmp

      Download

    • memory/1300-66-0x000007FEF3370000-0x000007FEF3D93000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/1300-69-0x0000000002046000-0x0000000002065000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1340-56-0x0000000000126000-0x0000000000145000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1340-54-0x000007FEF3DA0000-0x000007FEF47C3000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/1364-60-0x0000000000000000-mapping.dmp

      Download

    • memory/1364-62-0x000007FEF3DA0000-0x000007FEF47C3000-memory.dmp

      Filesize

      10.1MB

      Download

    • memory/1364-65-0x00000000008A6000-0x00000000008C5000-memory.dmp

      Filesize

      124KB

      Download

    • memory/1880-72-0x0000000000000000-mapping.dmp

      Download

    • memory/1880-74-0x000007FEF3370000-0x000007FEF3D93000-memory.dmp

      Filesize

      10.1MB

      Download