mystic | 1d4d7c1afdb5e830b264b293b477c0a74768b4b9e8291d6e671d943c565f2409

Analysis

max time kernel
146s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 00:30

Target

SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe
Size

364KB
MD5

bc9e628e3ace1024cc79f1b2da9963a0
SHA1

fe859951cd2ca2f21ad0cd30a622af0a087c3906
SHA256

1d4d7c1afdb5e830b264b293b477c0a74768b4b9e8291d6e671d943c565f2409
SHA512

bbdd884f1c165733cc3f06479c166636a5e183ca0dbdf44a1a9e1452b506422549ba1cc9c205c9e9e9a5e7f1ec4f94da3f561e87469a23a8e0ceb4b8cdc0e48b
SSDEEP

6144:1r46fuYXChoQTjlFgLuCY1dRuAOpeEphBIMMIpHrJNbjRxLFaq1hkvw8y0:10YzXChdTbv1buPph4+HrJNbjRxJGvwX

Score

10^/10

mystic stealer

Family

mystic

http://5.42.92.211/loghub/master

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4488 set thread context of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4128	4488	WerFault.exe	85

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87
PID 4488 wrote to memory of 3840	4488	SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe	87

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.KillProc2.21513.13921.6659.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
  2⤵
  - Program crash
  PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4488 -ip 4488
1⤵
PID:4836

memory/3840-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3840-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3840-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3840-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3840-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download