mystic | 376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 17:02

Target

376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe
Size

700KB
MD5

29d52077f7edde6b77d5bc50006ab60f
SHA1

f1ddafb2db6f4245cdc6fc4655ccbcf0efe48f24
SHA256

376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979
SHA512

337cca9e007abf81c145adde95a5371d016db57777da29f8d66fc510503ce4336cd6e8a807d06ae3bc245f68fcba53ea2a271aaf9fcacb92d2ea5277005ca4b8
SSDEEP

6144:7I6vGALXgBEIy8wluzNcq/PVucQp+NqWBfmnM9ggO+Oi6H4WF/sO07vvfr:1HXgFysVucQp+A2faM9ggOViMB/27fr

Score

10^/10

mystic stealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4808 set thread context of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4908	4808	WerFault.exe	83

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86
PID 4808 wrote to memory of 4424	4808	376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe	86

C:\Users\Admin\AppData\Local\Temp\376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe
"C:\Users\Admin\AppData\Local\Temp\376ba90c1d51b691d757e0c8356e2eb6ab9754f567554cb7806ce541bf7c4979.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 148
  2⤵
  - Program crash
  PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4808 -ip 4808
1⤵
PID:2120

memory/4424-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4424-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4424-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4424-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4424-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download