Overview

overview

10

Static

static

3

SecuriteIn...74.exe

windows7-x64

10

SecuriteIn...74.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2023 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Inject4.61510.19284.29774.exe

  • Size

    356KB

  • MD5

    2ae04669e3ca0338f02653445e52fd15

  • SHA1

    c3d75770dff1b03d35ec7bfa5f57b325c2f7666e

  • SHA256

    bf3123f9b064cd14e3c265e97f5f120acc400731e75e04b44b5a3ca508017b5c

  • SHA512

    cc4f3269684a3ddca15c2d04be38f0d1dc276299bdebd00ffc0b0b99b94f521683296dbd4a3fbb6a072077c4a37d9d2767d13d22636d63340af7f3a0109807e4

  • SSDEEP

    6144:tgTeW/s5GqrO5aXnfEGIXWPvZAONy9GHkcDa3t+aiJHV+uL3qswVs0BC+:XmcGqrOk86xu4kcDwt+a2HV+uLaLs0Bl

Score
10/10
mysticstealer

Malware Config

Signatures

  • Detect Mystic stealer payload 6 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject4.61510.19284.29774.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject4.61510.19284.29774.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 196
        3⤵
        • Program crash
        PID:2748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 76
      2⤵
      • Program crash
      PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2568-3-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-7-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-5-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-4-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-2-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-1-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-9-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2568-11-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download