Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 07:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1016KB

  • MD5

    bc65d604465049597b656b73b1afd328

  • SHA1

    6a9160a225faf54cea360ebcaaf95515d4934c46

  • SHA256

    e8d64a783e8e02f927a12be9ecb7f413fb03916cfebcb0a198bce1e37b9e5554

  • SHA512

    cdc1c5047dccffeab279ff9c42b32f08837f00a681e86b9bb3853ec694f85118bc6c5b9a611fdf6e2e84cfb3ca9a29d25bb215576242f7345eb69e7f644b599e

  • SSDEEP

    12288:T+mAovYIBYDKzcx9jkmP8bey7/0RDMmZZxnyUuyyu6pbqFghgL/9:TH/YDKzcx9jkmPe/knxyf0FghC9

Score
10/10
mysticstealer

Malware Config

Signatures

  • Detect Mystic stealer payload 6 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2888
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 196
        3⤵
        • Program crash
        PID:2772
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 92
      2⤵
      • Program crash
      PID:2752

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2888-0-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-2-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-1-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-4-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-8-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-6-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-10-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2888-11-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-13-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2888-15-0x0000000000400000-0x0000000000428000-memory.dmp

          Filesize

          160KB

          Download