mystic | f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79

Analysis

max time kernel
135s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 20:55

Target

f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe
Size

356KB
MD5

87f37631a05f33d93d78dae9d1a462fd
SHA1

a7b494439526e024bda21822de59f4f81042804d
SHA256

f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79
SHA512

6f10cbca5ecb3eb3da0c3d51f7075b4236942b17e15ababff0e250f2a0ea4439c4009eb7a11c6d16c86824569efeb658ba37188d7f65cace75e8a34e3022b9f9
SSDEEP

6144:CkTeW/s5GqrO5aXnfEGIXWPvZAOfyECo6wbG+22Ov69AC9K7B180X6ZFB2iPIPXT:amcGqrOk86xLCoWV8iwQPXKT9k5lQss2

Score

10^/10

mystic stealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4100 set thread context of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4736	4100	WerFault.exe	85

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87
PID 4100 wrote to memory of 1468	4100	f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe	87

C:\Users\Admin\AppData\Local\Temp\f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe
"C:\Users\Admin\AppData\Local\Temp\f7f9b5e8857de83934732e943bbb0d9d996ccf596dd20069201e0d9e20f7cb79_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 272
  2⤵
  - Program crash
  PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4100 -ip 4100
1⤵
PID:756

memory/1468-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1468-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1468-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1468-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1468-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download