mystic | 6c4ec069a59f67ce0be56cf42c22795daac99bea9f24a8eb529e815dd71130c1

Analysis

max time kernel
137s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 20:46

Target

1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe
Size

364KB
MD5

a77a497f68f991f18240a4968f3b8521
SHA1

9bf8b5803f7224a3d66d904d205c18ac64aa7cf6
SHA256

1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191
SHA512

50e4f3d68b48e975fcc0d63997cea85b3287a279becc35bf4244744f5f9ec51bed9c85f8b7a6b23a51dbeca41969558e87d3d8bd2954568d82cfb5ee0a232cd6
SSDEEP

6144:iy46fuYXChoQTjlFgLuCY1dRuAOCHuH2yiZwyZwZxhXmXXXXXXXR59yw8y0:iXYzXChdTbv1buNiZwDZ7XOnnnRnyw8y

Score

10^/10

mystic stealer

Family

mystic

http://5.42.92.211/loghub/master

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2340 set thread context of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86

Program crash 1 IoCs

pid	pid_target	Process	procid_target
892	2340	WerFault.exe	84

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86
PID 2340 wrote to memory of 3940	2340	1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe	86

C:\Users\Admin\AppData\Local\Temp\1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe
"C:\Users\Admin\AppData\Local\Temp\1319d7501351f1023273cda386fbde4dea62cb7de9b3a2a5b38f5e7f51407191.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
  2⤵
  - Program crash
  PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2340 -ip 2340
1⤵
PID:4132

memory/3940-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3940-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3940-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3940-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3940-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3940-5-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download