mystic | ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370

Analysis

max time kernel
127s
max time network
132s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
22/09/2023, 06:54

Target

ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe
Size

700KB
MD5

83248a3b00e0b2895e73f5c1d22d483c
SHA1

9c69aa6e7cbc8d61a2311ddcdf7014fcf3f8f724
SHA256

ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370
SHA512

2ce1858f0603bf4fb0bebad9e4eecf638794da00f34bd476c5bbecd9d9255f2c442e7e6dfbe74774c442f34d7d58ca325be26387be2181895c8db976c3988f6b
SSDEEP

6144:em6vGALXgBEIy8wluzNcq/PVucQpGbmqRbtGyRCJx3Xn33HOYaAhVOfr:gHXgFysVucQpGbmC5Gnv7atr

Score

10^/10

mystic stealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3856 set thread context of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4952	3856	WerFault.exe	69

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71
PID 3856 wrote to memory of 4996	3856	ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe	71

C:\Users\Admin\AppData\Local\Temp\ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe
"C:\Users\Admin\AppData\Local\Temp\ff8f134391a532e21b0f0ac5eea22d1ad208b00f8c474b1ba6d3390977ead370.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 148
  2⤵
  - Program crash
  PID:4952

memory/4996-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4996-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4996-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4996-5-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4996-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download